Score:0

IIS 8 Default SSL Bindings Break


Scenario: We have two sites on Windows Server 2012 R2 running IIS8. There are two wildcard certificates for each domain. *pharmlogs that binds to the site and subdomains pharmlogs.com and *traxworx that should bind to domain and subdomains of traxworx.com (shows privacy security error for traxworx). If I uncheck "Require Server Name Indication" from traxworx.com, then the pharmlogs.com sites show the privacy security error even though they have different wildcard certificates.

All bindings are to the IP address of the server (none are "All Unassigned")

How do I configure the sites so they use their appropriate certificates?

Do all "Require Server Name Indication" checkboxes need to be checked for all of the sites and their subdomains?

Vadim
And why are you unchecking "Require Server Name Indication"?
DMunson
Because when the Require SNI was checked, a privacy error was displayed on both sites.
Vadim
Are there two IIS sites and each one is bound to the same IP? Add the second IP to the server and bind a second site to this new separate IP.
Score:0

I found the issue.

One of the sub-domains still had the "Require Server Name Indication" unchecked.

Trick is that every domain and subdomain must have the "Require Server Name Indication" checked and associated with the correct certificate.

Thanks all for the input.

Lex Li
A quicker way to analyze this is to go directly to Windows HTTP API, https://docs.jexusmanager.com/tutorials/https-binding.html#background
Score:-2

Removing what I said which was incorrect so no one mistakenly follows it.

If you use SNI you can have different certificates on each binding as long as the binding hostname matches the host in the SNI header.
Ah yes, you are correct, my bad.
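
The rule this thread arrives at (every HTTPS binding sharing an IP and port needs "Require Server Name Indication" checked and a host name on the binding) can be audited in one pass over applicationHost.config. The PowerShell below is an added example, not code from any post above; the function name Get-HttpsBindingReport, the 192.0.2.10 address and the app.* sub-domains are constructed, and it assumes sslFlags is stored as a number, as IIS 8 writes it.

```powershell
# Added example (not from the thread). sslFlags is a bit field; bit 1 is the
# "Require Server Name Indication" checkbox. Assumes the numeric form IIS 8 writes.
function Get-HttpsBindingReport {
    param([Parameter(Mandatory)][xml]$Config)
    $rows = foreach ($site in $Config.SelectNodes('//sites/site')) {
        foreach ($b in $site.SelectNodes('bindings/binding[@protocol="https"]')) {
            # bindingInformation is "IP:port:hostname"; cut at the last colon so a
            # bracketed IPv6 address stays intact. The host name may be empty.
            $info  = $b.GetAttribute('bindingInformation')
            $cut   = $info.LastIndexOf(':')
            $flags = 0
            [void][int]::TryParse($b.GetAttribute('sslFlags'), [ref]$flags)
            [pscustomobject]@{
                Site     = $site.GetAttribute('name')
                Endpoint = $info.Substring(0, $cut)
                HostName = $info.Substring($cut + 1)
                Sni      = [bool]($flags -band 1)
            }
        }
    }
    # Per the accepted answer: bindings that share an IP:port only serve their own
    # certificate when every one of them has SNI checked (and so carries a host name).
    $rows | Group-Object Endpoint | Where-Object Count -gt 1 | ForEach-Object {
        $_.Group | Select-Object *, @{ n = 'Finding'; e = {
            if (-not $_.Sni) { 'SNI unchecked on shared IP:port' }
            elseif (-not $_.HostName) { 'SNI checked but host name empty' }
            else { 'ok' }
        } }
    }
}

# Constructed sample: one sub-domain binding left with SNI unchecked (sslFlags="0").
[xml]$sample = @'
<configuration><system.applicationHost><sites>
  <site name="pharmlogs" id="1"><bindings>
    <binding protocol="https" bindingInformation="192.0.2.10:443:pharmlogs.com" sslFlags="1" />
    <binding protocol="https" bindingInformation="192.0.2.10:443:app.pharmlogs.com" sslFlags="1" />
  </bindings></site>
  <site name="traxworx" id="2"><bindings>
    <binding protocol="https" bindingInformation="192.0.2.10:443:traxworx.com" sslFlags="1" />
    <binding protocol="https" bindingInformation="192.0.2.10:443:app.traxworx.com" sslFlags="0" />
  </bindings></site>
</sites></system.applicationHost></configuration>
'@
Get-HttpsBindingReport -Config $sample | Format-Table -AutoSize
# On the server, pass the live configuration instead of the sample:
# Get-HttpsBindingReport -Config ([xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config"))
```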