Answer the question
In order to leave comments, you need to log in
How to connect multiple certificates to 1 site iis 7.5?
Hello dear community!
Please clarify the point: is it possible to add bind's for an iis 7.5 site with multiple certificates?
At the moment, the main certificate is attached to the site: the
bind looks like this. way:
https, external ip, 443, mywebsite.domain + ssl1
for access via internal ip were connecting subdomains subd1.mywebsite.local; subd2.mywebsite.local etc.
and certificates of the same name to them have been issued and added to the system.
Now, when I try to register binds for internal http links, it works. But when connecting a certificate, the first one in the list of binds for all links is taken.
Those. situation 1:
bind 1: https, external ip, 443, mywebsite.domain + ssl1
bind 2: https, internal ip, 54443, subd1.mywebsite.local + ssl:"subd1.mywebsite.local"
bind 3: https, internal ip, 54444, subd2.mywebsite.local + ssl:"subd2.mywebsite.local"
in this scenario, the ssl1 certificate is applied to all links, respectively, the main link opens perfectly and is authenticated by browsers, and the second links define this ssl1 and swear that they cannot pass the test. Firefox err: SSL_ERROR_BAD_CERT_DOMAIN
Situation 2:
bind 1: https, internal ip, 54443, subd1.mywebsite.local + ssl:"subd1.mywebsite.local"
bind 2: https, internal ip, 54444, subd2.mywebsite.local + ssl: "subd2.mywebsite.local"
bind 3: https, external ip, 443, mywebsite.domain + ssl1
In this case, ssl:"subd1.mywebsite.local" is applied to all links, but Firefox err: SSL_ERROR_BAD_CERT_DOMAIN remains. And mywebsite.domain becomes completely unavailable.
Perhaps someone has come across, or there are thoughts where to look, maybe I’m trying to do something that iis does not explicitly allow, but I can’t find confirmation of this.
Thank you for your attention and possible help.
UPD: There is no way to check yet, but there is confidence in the trail. facts:
for the first bind, the name of the common domain was not specified and there was a "*" mask and a certificate was attached. So based on this template (it works out in priority), the system thinks that it is necessary to apply the certificate to all domain certificates, despite the fact that the binds of other certificates are already indicated below for other domains.
Answer the question
In order to leave comments, you need to log in
It is forbidden. In order for the network certificate to be valid for several names, you need to order a SAN certificate. LE seems to know how (did not check), but in general they are quite expensive. Well, homemade, of course, you can do whatever you want.
It is possible only on the condition that different certificates are bound to different ports, that is, only one certificate is allowed per port.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question