How to create a default SSL site for sites that have SNI enabled

rivkamak
rivkamak used Ask the Experts™
on
I have started using SNI on my sites in IIS. I just noticed now that there is a alert saying  ..

.. "No default SSL site has been created. To support browsers without SNI capabilities, it is recommended to create a default SSL site."

Could someone please explain how I would go about creating this default SSL site?

How does this solve the problem with browsers that dont support SNI. Will this fix allow these browsers to go on this site without any security warnings?  My ssl cert is a wildcard cert if that makes any difference.

Thank you
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2016
Commented:
You can probably safely ignore this as all modern browsers support SNI these days

Author

Commented:
From my end I agree, but management will most probably not like this. Most of the deprecated browser/OS's are not used but I do see in analytics that internet explorer on windows xp is used (not much but there is enough traffic that might be of concern) and sni is not supported on IE on xp.

Author

Commented:
Is it possible to still use sni but have it work properly for the deprecated browsers somehow?
Distinguished Expert 2018

Commented:
Not the shortest thing to explain, so it would make sense to give you this article from Comodo in order to help you get things set up: https://ssl.comodo.com/support/how-to-setup-sni-on-iis-8.php

Author

Commented:
I dont fully understand the article. Is it saying that instead of SNI, a site binding could be made for that site that just has hostname without ip?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial