31
votes

I have a single IIS 7 server with a single IP address. Site 1 has an SSL cert for www and Site 2 has a wildcard SSL cert for various subdomains. Both sites use host headers to direct traffic off the single IP address. However, when I try to access a subdomain on Site 2, I see a browser warning that tells me the SSL cert is wrong and shows me the information for Site 1. Help!


3 Answers

26
votes

Until SNI is fully supported, you can only have one certificate per IP address. If you can get a certificate that covers both sites (a wildcard or a UC certificate, for example), you can set up SSL Host Headers to allow both sites to be secured.

12
votes

If you add the certificates with the friendly names beginning with an asterisk then you can edit the hostname field within the Bindings for each site.

So we had a certificate added as "ssl" (imagination was lacking at the time) which, when added to two different sites, actually used the first site regardless of the domain name passed in (as the bindings had no hostname).

We removed and then added the certificate again as "*ssl" (again no imagination but we were tired by this point) and within the bindings for each site we were able to add hostnames and https calls to the domain names actually went to the right websites. We then had beer.

This guy did it for self-signed certificates but it worked for our SAN one too: https://wiki.gutzmann.com/confluence/display/HowTo/IIS+7.5+-+Multi-homing+for+HTTPS+with+self-signed+certificates

6
votes

IIS 8 in Windows Server 2012 now supports this feature (SNI).