Different SSL Certificates Served for the Same Site Depending on Where the Browser Is in IIS

I have a website that is reachable on the internet and also on a local network. On the local network, pinging the server name produces a different IP address than I get when I ping it from the open internet.

I'm having a situation where the website is served with a different SSL certificate depending on where the client browser is seeing the site from. Both server certificates are visible when I look at the server's Server Certificates from within IIS. But as far as I can tell, only one of the certificates is specified for the website in its bindings. How can this other certificate also be bound to the website when viewed from on the local network?

Also, is there a way on a Windows Server to determine what sites a specific server certificate is bound to? (That is, starting with the certificate and looking for the site as opposed to the other, more usual direction?)

For your second question, you could do something like this in PowerShell:

Get the thumbprint for the certificate you are interested in:

 $tp = (Get-ChildItem Cert:\LocalMachine\my | Where-Object Subject -eq "cn=www.stackoverflow.com").Thumbprint

The command netsh http show sslcert lists all the certificate bindings, but with lots of extra information, filter the output:

netsh http show sslcert | Select-String -Pattern $tp  -SimpleMatch -Context 1,0

We search for the thumbprint and also show one line before the matching line, but no lines after it.

This should give you the Binding information which you can use to find the web site it is used for.

Get-ChildItem IIS:\SslBindings\ | Where-Object Port -eq 443 | Where-object Host -eq www.foo.com