We have 6 web servers all running 2012 R2 and IIS 8. They all run the same website with a wildcard certificate *.ourdomain.com that works great. Most of our clients use name.ourdomain.com for their websites on our platform so our cert covers 99% of them.
We have some clients who like to use their own custom domain on our system, and that is where we have run into some issues. I set up a "certificate store" for client certs and we have added the client's certificates there. Our wildcard cert is bound individually to each of the 6 web servers in the traditional way, because the certificate store requires a hostname, which defeats the purpose of a wildcard. Also, SNI does not help us with the wildcard cert either; I have read that it is better not to use it in our situation with wildcards, but I may be wrong. Enabling it does not fix this issue.
When assigning/binding the certificate store cert to the client's website using name.clientdomain.com, it seems to take over all the SSL traffic regardless of the hostname requested, and our main site breaks. Is there a better way to set this up? Do I need to assign separate IP addresses like we did back in IIS 7? I want to avoid that since it eats up 6 IPs for each client and they would fill up fast.
Or should I assign one block of IPs for the wildcard and one block for the shared certificate store certs?
Thanks for your help, I hope that all makes sense.
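An added example to go with the question above (not from the original poster): a PowerShell script that first inventories the HTTPS bindings on all six servers and flags the pattern the question describes (a Central Certificate Store binding with no host name, which applies to every request on port 443), and then shows one binding layout in which the wildcard cert sits on a plain IP:443 binding as the non-SNI fallback while each client hostname gets an SNI + CCS binding. Server names, the site names and the IP address are placeholders; the `sslFlags` values (0 = none, 1 = SNI, 2 = CCS, 3 = SNI + CCS) and the CCS file-naming rule (`hostname.pfx`, with `_.domain.pfx` for a wildcard) are IIS 8 conventions. Whether the IP-level wildcard binding and the CCS entries coexist cleanly on your servers is something to confirm with the `netsh` output at the end rather than assume.

```powershell
# Added example, not the poster's own script. Assumes IIS 8 / Server 2012 R2 with the
# WebAdministration module and PowerShell remoting enabled on the web servers.
Import-Module WebAdministration

$servers    = 'web1','web2','web3','web4','web5','web6'   # placeholders
$platform   = 'PlatformSite'                              # placeholder: site serving *.ourdomain.com
$clientSite = 'ClientSite'                                # placeholder: site for the custom-domain client
$serverIp   = '203.0.113.10'                              # placeholder: this server's own IP (documentation range)
$clientHost = 'name.clientdomain.com'                     # hostname from the question

# --- 1. Inventory: list every https binding with its sslFlags, across all servers ---
# A CCS binding (flag 2 set) whose bindingInformation ends in ':' has no host name, so
# http.sys cannot pick a per-host cert for it; that is the "takes over all SSL traffic" case.
$inventory = Invoke-Command -ComputerName $servers -ScriptBlock {
    Import-Module WebAdministration
    foreach ($site in Get-Website) {
        foreach ($b in ($site.bindings.Collection | Where-Object { $_.protocol -eq 'https' })) {
            $flags = [int]$b.sslFlags
            [pscustomobject]@{
                Server     = $env:COMPUTERNAME
                Site       = $site.name
                Binding    = $b.bindingInformation        # format is IP:port:hostname
                SslFlags   = $flags
                CcsNoHost  = ($b.bindingInformation -match ':$') -and (($flags -band 2) -ne 0)
            }
        }
    }
}
$inventory | Sort-Object Server, Site | Format-Table Server, Site, Binding, SslFlags, CcsNoHost -AutoSize

# --- 2. Intended layout, applied on ONE server (run it on each of the six with its own IP) ---
# a) Wildcard cert: bound to the server IP on 443 with no host header and sslFlags 0.
#    Non-SNI clients and any hostname without its own SNI binding land here.
$wildcard = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Subject -like 'CN=*.ourdomain.com*' } |
            Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $wildcard) { throw "Wildcard certificate for *.ourdomain.com not found in LocalMachine\My" }

if (-not (Get-WebBinding -Name $platform -Protocol https -Port 443 -IPAddress $serverIp)) {
    New-WebBinding -Name $platform -Protocol https -IPAddress $serverIp -Port 443 -SslFlags 0
}
# Attach the cert to the IP:port binding in http.sys (IIS:\SslBindings uses '!' as separator).
if (-not (Test-Path "IIS:\SslBindings\$serverIp!443")) {
    New-Item "IIS:\SslBindings\$serverIp!443" -Value $wildcard | Out-Null
}

# b) Each custom-domain client: host-header binding with sslFlags 3 (SNI + CCS).
#    No cert is attached here; http.sys looks up <hostname>.pfx in the CCS share,
#    so the CCS binding is only ever selected for a request that names that host.
if (-not (Get-WebBinding -Name $clientSite -Protocol https -Port 443 -HostHeader $clientHost)) {
    New-WebBinding -Name $clientSite -Protocol https -Port 443 -HostHeader $clientHost -SslFlags 3
}

# --- 3. Verify what http.sys actually holds before touching the next server ---
# Expect one entry for <serverIp>:443 carrying the wildcard thumbprint and a
# "Central Certificate Store : 443" entry for the CCS-backed host names.
netsh http show sslcert
```

If the inventory step shows a `CcsNoHost` row, that binding is the one to replace with per-hostname bindings. An alternative to keep in mind is dropping a copy of the wildcard into the CCS share as `_.ourdomain.com.pfx`, so both certificate types are served from the same store; the layout above keeps them separate, which matches the two-block arrangement the question asks about.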