Saturday, October 28, 2017

Configure several SSL sites on single IP in IIS with SNI

As you probably know, the classic way to configure an HTTPS site in IIS is to add a site binding on port 443 for a specific IP address with an SSL certificate. This approach works, but the problem is that you may have only one HTTPS site per IP address. If you try to create a second site on the same IP, the following message is shown:

At least one other site is using the same HTTPS binding and the binding is configured with a different certificate. Are you sure that you want to reuse this HTTPS binding and reassign the other site or sites to use the new certificate?

In order to create more HTTPS sites, additional IP addresses are required, which in turn adds maintenance effort, firewall configuration, etc.

IIS now offers a more convenient way to create multiple HTTPS sites on the same IP address: Server Name Indication, or SNI. SNI support was added to IIS in version 8, and all major browsers have supported it for several years already (see Server Name Indication).

With SNI, when you create an SSL binding on an IP address that is already used by another HTTPS site, you tick the “Server Name Indication” checkbox and specify the domain name that will be used to identify the site:

There won’t be any warning, and the binding will be created successfully.
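The same two SNI bindings created from PowerShell instead of the IIS Manager dialog, as an added example that is not part of the original post. The site names, hostnames and the assumption that a matching certificate for each hostname is already installed in LocalMachine\My are mine.

```powershell
# Added example (not from the original post). Assumes two IIS sites named
# "SiteA" and "SiteB" already exist and that certificates covering
# a.example.com and b.example.com are installed in Cert:\LocalMachine\My.
# Site names and hostnames are placeholders.
Import-Module WebAdministration

$bindings = @(
    @{ Site = 'SiteA'; Host = 'a.example.com' },
    @{ Site = 'SiteB'; Host = 'b.example.com' }
)

foreach ($b in $bindings) {
    # SslFlags 1 = Require Server Name Indication. Both bindings share
    # IP "*" and port 443; without SNI the second one would be rejected
    # with the "At least one other site is using the same HTTPS binding" warning.
    New-WebBinding -Name $b.Site -Protocol https -Port 443 -IPAddress '*' `
        -HostHeader $b.Host -SslFlags 1

    # Pick the installed certificate whose DNS names include this hostname.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.DnsNameList.Unicode -contains $b.Host } |
        Select-Object -First 1
    if (-not $cert) { throw "No certificate for $($b.Host) in LocalMachine\My" }

    # Attach the certificate to the SNI binding; the SSL binding is keyed
    # by hostname:port rather than by IP:port.
    $binding = Get-WebBinding -Name $b.Site -Protocol https -HostHeader $b.Host
    $binding.AddSslCertificate($cert.Thumbprint, 'my')
}

# Verify: SNI bindings are listed as "Hostname:port : a.example.com:443"
# instead of "IP:port : 0.0.0.0:443".
netsh http show sslcert
```

Clients that send no SNI hostname cannot be matched to either of these bindings and can only be served by a non-SNI (IP:port) binding on the same address and port, so keep one if such clients matter.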

2 comments:

  1. In my case this was related to a subdomain; the solution was to put a *.domain.exmple in the certificate *.
