Link to home
Start Free TrialLog in
Avatar of rivkamak
rivkamakFlag for United States of America

asked on

How to create a default SSL site for sites that have SNI enabled

I have started using SNI on my sites in IIS. I just noticed now that there is a alert saying  ..

.. "No default SSL site has been created. To support browsers without SNI capabilities, it is recommended to create a default SSL site."

Could someone please explain how I would go about creating this default SSL site?

How does this solve the problem with browsers that dont support SNI. Will this fix allow these browsers to go on this site without any security warnings?  My ssl cert is a wildcard cert if that makes any difference.

Thank you
ASKER CERTIFIED SOLUTION
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of rivkamak
rivkamak
Flag of United States of America image

ASKER

From my end I agree, but management will most probably not like this. Most of the deprecated browser/OS's are not used but I do see in analytics that internet explorer on windows xp is used (not much but there is enough traffic that might be of concern) and sni is not supported on IE on xp.
Avatar of rivkamak
rivkamak
Flag of United States of America image

ASKER

Is it possible to still use sni but have it work properly for the deprecated browsers somehow?
Avatar of masnrock
masnrock
Flag of United States of America image
Not the shortest thing to explain, so it would make sense to give you this article from Comodo in order to help you get things set up: https://ssl.comodo.com/support/how-to-setup-sni-on-iis-8.php
Avatar of rivkamak
rivkamak
Flag of United States of America image

ASKER

I dont fully understand the article. Is it saying that instead of SNI, a site binding could be made for that site that just has hostname without ip?