
ssl cert mis-match in iis 6


  • ssl cert mis-match in iis 6

    I've got two sites on the same server running IIS 6.0. -> running on
    -has an ssl cert issued to:
    * there are other sites using this IP address but only site1.domain has an SSL cert -> running on
    -has an ssl cert issued to:
    * there are no other sites running on this IP

    Each site has an SSL certificate installed that is correctly issued to each site.
    * I am NOT using wildcard certificates.

    When I hit in my browser, it presents the correct SSL certificate. But when I try, it actually presents the SSL certificate from site1 which is issued to site1.domain not site2.domain, and of course the browser throws warnings.

    I verified each site has the correct cert under Site Properties > Directory Security > View Certificate.

    I thought it was no problem running multiple SSL sites on port 443, as long as their IP address was unique.

    Question: Are we required to use a wildcard certificate to do this?

    If anyone has seen this before, help is much appreciated. Thank you.

  • #2
    Re: ssl cert mis-match in iis 6

    It might be a simple matter of where the browser is being directed to. What DNS records have you set up for each site? Have you verified that when you try site 2 that it's actually going to site 2 and not site 1? Have you tried browsing each site directly from IIS Manager to confirm what you're seeing?


    • #3
      Re: ssl cert mis-match in iis 6

      Good question, I should've put that in my post.

      Pinging each domain name resolves to the correct IP addresses (from both my machine and the server) and there are no redirects in place in IIS or at the file level.

      On that note, I am able to replicate this issue on our production webserver and a test/dev webserver.

      * I should mention that when this was set up we couldn't get Site2.domain to load at all until we set the SSL Bindings using the following:

      cscript adsutil.vbs set /w3svc/siteID/ ""

      This made the site "functional" but we didn't realize at the time the browser was throwing an error because it was using site1's cert on site2.

      I think maybe setting these SSL bindings could be causing part of the issue too.

      Thanks for your help.


      • #4
        Re: ssl cert mis-match in iis 6

        I would double check each site to make sure the correct cert is installed, that each is set to listen on a unique IP address, that SSL is set to use port 443 and bound to the correct IP for each site, stop and restart each site, and possibly stop and restart IIS.
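
The check suggested in #4, done from the client side, as an added example that is not part of the thread: connect to each site's IP address on port 443 and compare the thumbprint of the certificate actually served with the one shown under View Certificate. The IP addresses, certificate bytes and function names are constructed for illustration.

```python
import hashlib
import socket
import ssl

def thumbprint(der):
    """SHA-1 thumbprint, as Windows shows it under Details > Thumbprint."""
    return hashlib.sha1(der).hexdigest()

def normalize(tp):
    """Accept thumbprints pasted from the dialog: spaces, upper case, stray marks."""
    return "".join(ch for ch in tp.lower() if ch in "0123456789abcdef")

def fetch_der(ip, port=443, timeout=5.0):
    """Certificate (DER) served on ip:port. Connecting by IP without a server
    name means the answer depends only on the server's IP:port binding."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # inspection only: take whatever
    ctx.verify_mode = ssl.CERT_NONE  # certificate is served, matching or not
    # Assumption: the local OpenSSL build still permits the legacy TLS an old server offers.
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            return tls.getpeercert(binary_form=True)

def audit(sites, fetch=fetch_der):
    """sites: name -> (ip, expected thumbprint). Returns name -> finding."""
    owner = {normalize(tp): name for name, (_, tp) in sites.items()}
    findings = {}
    for name, (ip, expected) in sites.items():
        try:
            served = thumbprint(fetch(ip))
        except OSError as exc:  # covers refused, timed-out and failed handshakes
            findings[name] = f"no certificate from {ip}: {exc}"
            continue
        if served == normalize(expected):
            findings[name] = "ok"
        else:
            findings[name] = f"{ip} serves the certificate of {owner.get(served, 'an unknown site')}"
    return findings

if __name__ == "__main__":
    # Constructed demo, no network: both IPs hand back site1's certificate.
    cert1, cert2 = b"constructed-cert-site1", b"constructed-cert-site2"
    inventory = {"site1": ("192.0.2.10", thumbprint(cert1)),
                 "site2": ("192.0.2.20", thumbprint(cert2))}
    print(audit(inventory, fetch=lambda ip: cert1))
    # Live check: fill in the real IPs and thumbprints, then call audit(inventory).
```

A finding such as "serves the certificate of site1" for site2's IP means the mismatch is in the server's certificate binding for that address, not in DNS or the browser.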