Multiple SSLs on the same IIs server

I have a wildcard ssl that most of my sites use. I need to add a site that
doesn't fit the wildcard naming scheme. I have read that I need a unique IP
address for the site so the users will be given the right ssl cert when they
browse the site.

I created the site, applied the cert, and assigned it a unique IP address.
Users are still given the wildcard cert and the browser tells them something
is wrong with it (because the address doesn't match.)

Am I missing something to get the right certificate to be sent to the users?
Is there another way or would I need a single IP for every single site that
has its own ssl?

Thanks

Re: Multiple SSLs on the same IIs server

Do your other sites also have an _assigned_ IP address, or are they
Unassigned?
Anthony, http://www.airdesk.co.uk


"super1" wrote in message
news:e2pR$wEBIHA.3916@TK2MSFTNGP02.phx.gbl...
>I have a wildcard ssl that most of my sites use. I need to add a site that
>doesn't fit the wildcard naming scheme. I have read that I need a unique
>IP address for the site so the users will be given the right ssl cert when
>they browse the site.
>
> I created the site, applied the cert, and assigned it a unique IP address.
> Users are still given the wildcard cert and the browser tells them
> something is wrong with it (because the address doesn't match.)
>
> Am I missing something to get the right certificate to be sent to the
> users? Is there another way or would I need a single IP for every single
> site that has its own ssl?
>
> Thanks
>

Re: Multiple SSLs on the same IIs server

At first they were still sitting at All Assigned. I have changed them all
to be on the original IP address and this new site is the only one with the
new IP. It still sends the wrong ssl to the browser.


"Anthony" wrote in message
news:eIivLqGBIHA.4584@TK2MSFTNGP03.phx.gbl...
> Do your other sites also have an _assigned_ IP address, or are they
> Unassigned?
> Anthony, http://www.airdesk.co.uk
>
>
> "super1" wrote in message
> news:e2pR$wEBIHA.3916@TK2MSFTNGP02.phx.gbl...
>>I have a wildcard ssl that most of my sites use. I need to add a site
>>that doesn't fit the wildcard naming scheme. I have read that I need a
>>unique IP address for the site so the users will be given the right ssl
>>cert when they browse the site.
>>
>> I created the site, applied the cert, and assigned it a unique IP
>> address. Users are still given the wildcard cert and the browser tells
>> them something is wrong with it (because the address doesn't match.)
>>
>> Am I missing something to get the right certificate to be sent to the
>> users? Is there another way or would I need a single IP for every single
>> site that has its own ssl?
>>
>> Thanks
>>
>
>

Re: Multiple SSLs on the same IIs server

Hi,

I'd like to suggest you first run the SSLDaig tool to scan the whole IIS
server's SSL configuration. Check if the correct certficate is actually
assigned to the problematic site and all web sites' SSL bindings are
correct. Especially all web sites should use their specific IP addresses
instead of 'all unassigned'. Also please test the following cases:

1. Use IP address to access the problematic SSL site, i.e: https:// address>/... to ensure this is not an incorrect DNS resolution issue.
2. Temporarily change the site to use a non-default SSL port instead of 443
to make IIS identify the site by port.
Will you still get the incorrect wildcard cert in these 2 cases?

The Lastest version SSLDiag can be found at:

Internet Information Services Diagnostic Tools
http://www.microsoft.com/windowsserver2003/iis/diagnostictoo ls/default.mspx

Note: when SSLDiag is finished scanning the SSL config, please double-click
a site's section (e.g [W3SVC/1]), the tool will open a new window to test
the SSL handshake.

Please send the log and trace to me at: wjzhang@online.microsoft.com
(remove online.) and my backup Wen Yuan: v-wywang@online.microsoft.com
(remove online.)

We are looking forward to your update.
Thanks.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

==================================================

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscriptions/managednewsgroups/de fault.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscriptions/support/default.aspx .

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Re: Multiple SSLs on the same IIs server

I ran the ssl diag tool and it showed me several errors. It helped me see
that I needed to edit the IP address on the Advanced Web Site Identification
section as well. Now the site is getting the correct SSL.

Thanks for your help!


""WenJun Zhang[msft]"" wrote in message
news:eisKxOMBIHA.5204@TK2MSFTNGHUB02.phx.gbl...
> Hi,
>
> I'd like to suggest you first run the SSLDaig tool to scan the whole IIS
> server's SSL configuration. Check if the correct certficate is actually
> assigned to the problematic site and all web sites' SSL bindings are
> correct. Especially all web sites should use their specific IP addresses
> instead of 'all unassigned'. Also please test the following cases:
>
> 1. Use IP address to access the problematic SSL site, i.e: https:// > address>/... to ensure this is not an incorrect DNS resolution issue.
> 2. Temporarily change the site to use a non-default SSL port instead of
> 443
> to make IIS identify the site by port.
> Will you still get the incorrect wildcard cert in these 2 cases?
>
> The Lastest version SSLDiag can be found at:
>
> Internet Information Services Diagnostic Tools
> http://www.microsoft.com/windowsserver2003/iis/diagnostictoo ls/default.mspx
>
> Note: when SSLDiag is finished scanning the SSL config, please
> double-click
> a site's section (e.g [W3SVC/1]), the tool will open a new window to test
> the SSL handshake.
>
> Please send the log and trace to me at: wjzhang@online.microsoft.com
> (remove online.) and my backup Wen Yuan: v-wywang@online.microsoft.com
> (remove online.)
>
> We are looking forward to your update.
> Thanks.
>
> Sincerely,
>
> WenJun Zhang
>
> Microsoft Online Community Support
>
> ==================================================
>
> Get notification to my posts through email? Please refer to:
> http://msdn.microsoft.com/subscriptions/managednewsgroups/de fault.aspx#notif
> ications.
>
> Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
> where an initial response from the community or a Microsoft Support
> Engineer within 1 business day is acceptable. Please note that each follow
> up response may take approximately 2 business days as the support
> professional working with you may need further investigation to reach the
> most efficient resolution. The offering is not appropriate for situations
> that require urgent, real-time or phone-based interactions or complex
> project analysis and dump analysis issues. Issues of this nature are best
> handled working with a dedicated Microsoft Support Engineer by contacting
> Microsoft Customer Support Services (CSS) at:
>
> http://msdn.microsoft.com/subscriptions/support/default.aspx .
>
> ==================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>