Incorrect SSL Certificate

Hi All,

I have IIS 5 running 3 websites...

- www.ourdomain.com
- ha.ourdomain.com
- www.someotherdomain.com

We have had a VeriSign SSL certificate installed on www.ourdomain.com
for some time, which works fine.

Recently, I have installed a trial Thawte certificate on
ha.ourdomain.com, this was setup specifically for that domain, when I
view the certificate in IIS, I see ha.ourdomain.com, however,
accessing the site ha.ourdomain.com over SSL results in a security
alert, because the name on the certificate does not match the site - I
click on 'view certificate' and see that the SSL cert for www.ourdomain.com
has been provided...Not the cert for ha.ourdomain.com!

Must say I am confused...To my knowledge, the correct certificate was
installed on the correct site...and what IIS tells me conflicts with
what my browser says!

Any ideas of help will of course be appreciated!

Thanks,

Simon.

Re: Incorrect SSL Certificate

How many IP addresses are you using? Certificates take one IP each. So you
can only run one site with SSL if you have only one IP. If you have two
IPs, you can run two SSL sites, etc. (The HTTP 1.1 header information used
to host more than one site on the same IP gets encrypted. I bet you get the
wrong site too right?)

"Adotek" wrote in message
news:1183121256.633212.41780@o61g2000hsh.googlegroups.com...
> Hi All,
>
> I have IIS 5 running 3 websites...
>
> - www.ourdomain.com
> - ha.ourdomain.com
> - www.someotherdomain.com
>
> We have had a VeriSign SSL certificate installed on www.ourdomain.com
> for some time, which works fine.
>
> Recently, I have installed a trial Thawte certificate on
> ha.ourdomain.com, this was setup specifically for that domain, when I
> view the certificate in IIS, I see ha.ourdomain.com, however,
> accessing the site ha.ourdomain.com over SSL results in a security
> alert, because the name on the certificate does not match the site - I
> click on 'view certificate' and see that the SSL cert for
> www.ourdomain.com
> has been provided...Not the cert for ha.ourdomain.com!
>
> Must say I am confused...To my knowledge, the correct certificate was
> installed on the correct site...and what IIS tells me conflicts with
> what my browser says!
>
> Any ideas of help will of course be appreciated!
>
> Thanks,
>
> Simon.
>

Re: Incorrect SSL Certificate

Hi,

Thanks for your reply!

On Jun 29, 2:44 pm, ".._.." <....@yourmom.mil> wrote:
> How many IP addresses are you using?
One - Looks like this is the problem then!

> to host more than one site on the same IP gets encrypted. I bet you get the
> wrong site too right?)
No, the correct site comes up fine

Can you give me some idea of how I get round this issue?

Simon.

Re: Incorrect SSL Certificate

"Adotek" wrote in message
news:1183126884.188370.293830@u2g2000hsc.googlegroups.com...
> Hi,
>
> Thanks for your reply!
>
> On Jun 29, 2:44 pm, ".._.." <....@yourmom.mil> wrote:
>> How many IP addresses are you using?
> One - Looks like this is the problem then!
>
>> to host more than one site on the same IP gets encrypted. I bet you get
>> the
>> wrong site too right?)
> No, the correct site comes up fine
>
> Can you give me some idea of how I get round this issue?
>
> Simon.
>

You don't. You are stuck, that's how HTTPS 1.1 works. It encrypts the
information used (host headers) by IIS to allow you to use 1 IP for several
sites.

If you want more certs, you need more IPs. Period.

Re: Incorrect SSL Certificate

On Jul 2, 8:06 am, ".._.." <....@yourmom.mil> wrote:
> "Adotek" wrote in message
>
> news:1183126884.188370.293830@u2g2000hsc.googlegroups.com...
>
>
>
>
>
> > Hi,
>
> > Thanks for your reply!
>
> > On Jun 29, 2:44 pm, ".._.." <....@yourmom.mil> wrote:
> >> How many IP addresses are you using?
> > One - Looks like this is the problem then!
>
> >> to host more than one site on the same IP gets encrypted. I bet you get
> >> the
> >> wrong site too right?)
> > No, the correct site comes up fine
>
> > Can you give me some idea of how I get round this issue?
>
> > Simon.
>
> You don't. You are stuck, that's how HTTPS 1.1 works. It encrypts the
> information used (host headers) by IIS to allow you to use 1 IP for several
> sites.
>
> If you want more certs, you need more IPs. Period.- Hide quoted text -
>
> - Show quoted text -

This is true in general although there is one workaround. It might not
work for you since you are using IIS 5 but it may work for some
people:

Using Host Headers with SSL-enabled Web Sites in IIS 6.0
http://agramont.net/blogs/conrad/archive/2006/06/26/21.aspx

--
Robert
SSL Shopper - SSL certificate comparison
http://www.sslshopper.com