IIS
Andrey Kamynin, 2019-11-12 11:34:36

How to bind multiple certificates to one site in IIS 7.5?

Hello dear community!
Please clarify one point: is it possible to add bindings for an IIS 7.5 site with multiple certificates?
At the moment the main certificate is attached to the site; the binding looks as follows:
https, external ip, 443, mywebsite.domain + ssl1
For access via the internal IP, subdomains subd1.mywebsite.local, subd2.mywebsite.local, etc. were connected, and certificates of the same names were issued for them and added to the system.
Now, when I try to register bindings for the internal http links, it works. But when attaching a certificate, the first one in the list of bindings is taken for all links.
That is, situation 1:
bind 1: https, external ip, 443, mywebsite.domain + ssl1
bind 2: https, internal ip, 54443, subd1.mywebsite.local + ssl:"subd1.mywebsite.local"
bind 3: https, internal ip, 54444, subd2.mywebsite.local + ssl:"subd2.mywebsite.local"
In this scenario the ssl1 certificate is applied to all links; accordingly, the main link opens perfectly and is validated by browsers, while the other links pick up this ssl1 and complain that it fails validation. Firefox error: SSL_ERROR_BAD_CERT_DOMAIN

Situation 2:
bind 1: https, internal ip, 54443, subd1.mywebsite.local + ssl:"subd1.mywebsite.local"
bind 2: https, internal ip, 54444, subd2.mywebsite.local + ssl:"subd2.mywebsite.local"
bind 3: https, external ip, 443, mywebsite.domain + ssl1
In this case ssl:"subd1.mywebsite.local" is applied to all links, but the Firefox error SSL_ERROR_BAD_CERT_DOMAIN remains, and mywebsite.domain becomes completely unavailable.

Perhaps someone has come across this, or has thoughts on where to look; maybe I'm trying to do something that IIS explicitly does not allow, but I can't find confirmation of that.
Thank you for your attention and any help.

UPD: I have no way to check yet, but I am confident in the following facts:
for the first binding the common domain name was not specified; there was a "*" mask and a certificate was attached to it. So based on this template (which takes priority), the system thinks it must apply that certificate to all domains, despite the fact that bindings with other certificates for the other domains are listed below.

1 answer
CityCat4, 2019-11-12
@AndrewZ990

It can't be done. For one certificate to be valid for several names, you need to order a SAN certificate. LE seems to be able to do it (haven't checked), but in general they are quite expensive. Well, with self-made ones you can of course do whatever you want.
It is possible only on the condition that different certificates are bound to different ports, that is, only one certificate is allowed per port.
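The point behind the answer is that in IIS 7.5 the certificate is selected by HTTP.sys from the IP:port pair alone (the host header plays no role, since SNI only arrived in IIS 8), so every binding that shares an IP:port is served the same certificate. The following PowerShell script is an added example, written for this page rather than taken from the question or the answer: it lists every HTTPS binding, looks up which certificate HTTP.sys actually holds for that IP:port, and reports host headers that the bound certificate does not cover (the SSL_ERROR_BAD_CERT_DOMAIN case from the question) as well as endpoints shared by several host headers. It assumes the WebAdministration module, IPv4 bindings in the "ip:port:host" form, certificates in the LocalMachine\My store, and English-language formatting of the Subject Alternative Name extension; the function and variable names are the example's own.

```powershell
# Added audit example (not from the original post): which certificate does HTTP.sys
# really serve for each IIS HTTPS binding, and does it cover the binding's host header?
Import-Module WebAdministration

# HTTP.sys (and therefore IIS 7.5, which has no SNI) keys SSL certificates by IP!port only.
$sslByEndpoint = @{}
Get-ChildItem IIS:\SslBindings | ForEach-Object {
    $sslByEndpoint["$($_.IPAddress)!$($_.Port)"] = $_.Thumbprint
}

function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    # Subject CN as a DNS name, plus every DNS entry of the SAN extension (OID 2.5.29.17).
    $cn = $Cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    if ($cn) { $names += $cn }
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() prints one entry per line, e.g. "DNS Name=subd1.mywebsite.local"
        # (assumption: English Windows; the label is localized on other languages).
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match 'DNS Name=(.+)$') { $names += $matches[1].Trim() }
        }
    }
    return ($names | Select-Object -Unique)
}

function Test-NameCovers {
    param([string]$CertName, [string]$HostName)
    # A wildcard such as *.mywebsite.local covers exactly one extra label, as browsers apply it.
    if ($CertName.StartsWith('*.')) {
        $suffix = $CertName.Substring(1).ToLower()          # ".mywebsite.local"
        $lowerHost = $HostName.ToLower()
        if (-not $lowerHost.EndsWith($suffix)) { return $false }
        $label = $lowerHost.Substring(0, $lowerHost.Length - $suffix.Length)
        return ($label.Length -gt 0 -and -not $label.Contains('.'))
    }
    return ($CertName -eq $HostName)                        # -eq is case-insensitive in PowerShell
}

$report = @()
foreach ($site in Get-Website) {
    foreach ($b in (Get-WebBinding -Name $site.Name -Protocol https)) {
        $ip, $port, $hostHeader = $b.bindingInformation -split ':'
        if ($ip -eq '*') { $ip = '0.0.0.0' }
        # HTTP.sys resolves the exact IP:port first, then the 0.0.0.0:port (all interfaces) entry.
        $thumb = $sslByEndpoint["${ip}!${port}"]
        if (-not $thumb) { $thumb = $sslByEndpoint["0.0.0.0!${port}"] }

        $status = 'NO CERTIFICATE BOUND'
        $names = @()
        if ($thumb) {
            $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
            if (-not $cert) {
                $status = "THUMBPRINT $thumb NOT FOUND IN LocalMachine\My"
            } elseif ([string]::IsNullOrEmpty($hostHeader)) {
                $names = Get-CertDnsNames -Cert $cert
                $status = 'NO HOST HEADER (served for any name on this endpoint)'
            } else {
                $names = Get-CertDnsNames -Cert $cert
                $covered = $false
                foreach ($n in $names) { if (Test-NameCovers -CertName $n -HostName $hostHeader) { $covered = $true } }
                if ($covered) { $status = 'OK' } else { $status = 'NAME MISMATCH (browsers report SSL_ERROR_BAD_CERT_DOMAIN)' }
            }
        }
        $report += New-Object PSObject -Property @{
            Site = $site.Name; Endpoint = "${ip}:${port}"; HostHeader = $hostHeader
            Thumbprint = $thumb; CertNames = ($names -join ', '); Status = $status
        }
    }
}

# Several host headers on one IP:port share a single certificate on IIS 7.5: without SNI,
# HTTP.sys has already chosen the certificate before the requested name is known.
$report | Group-Object Endpoint | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    Write-Warning ("{0} is shared by {1} host headers; only one certificate can be served there without SNI" -f $_.Name, $_.Count)
}
$report | Format-Table Site, Endpoint, HostHeader, Thumbprint, CertNames, Status -AutoSize
```

Run it in an elevated PowerShell on the IIS host. For the question's "situation 1" it would show bind 2 and bind 3 on their own ports, so the relevant check is the Thumbprint column: if 54443 and 54444 show the ssl1 thumbprint rather than the subdomain certificates, the HTTP.sys entries for those ports (visible with `netsh http show sslcert`) are what need correcting, not the IIS binding list. Host headers that share an endpoint are flagged by the warning, and the only ways around that on IIS 7.5 are the ones the answer names: a separate IP or port per certificate, or one SAN certificate that covers all the names.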
