36

I have setup few websites on IIS8 all using the same wildcard SSL certificate. Some of the sites need to be accessible to older browsers and operating systems, therefore I cannot use the "Require Server Name Indication" option.

Since SNI is not supported by all devices, IIS is showing the following alert:

"No default SSL site has been created. To support browsers without SNI capabilities, it is recommended to create a default SSL site."

How do I create a default SSL site? The closest article I found is not very clear, and I have the feeling that there must be an easier solution.

Server details: Windows Server 2012, IIS8, One external IP address

Emil
  • 461
  • 1
  • 4
  • 6
  • I love how this is such a "Well, whaddaya want me to do about it?" message. Fortunately, serverfault has the answer, as usual. – SilverbackNet Jul 24 '18 at 12:12

3 Answers3

49

You could chose any of the websites hosted in IIS and uncheck SNI (Server Name Indication there. Check this below

enter image description here

user70410
  • 676
  • 5
  • 4
  • 18
    You also need to clear the 'host name' field in order for it to act as the default SSL website. At least the warning on not having a default SSL site did not disappear until I did so, and the IIS8 guide on setting up multiple HTTPS sites described the same setup. – angularsen May 05 '15 at 23:01
  • 1
    FYI, regarding the comment above, I personally didn't need to clear "Host name" field for the warning to disappear, just unticked Require SNI option. IIS 8.0.9200 – Jimbo Jul 13 '18 at 05:17
  • 1
    I don't think it's necessary to uncheck it at this point, unless you have some special use case. All modern browsers [support it](https://caniuse.com/#search=sni). – Ryan Gates Mar 15 '19 at 17:21
  • 3
    I don't want to uncheck SNI, I just want to enable SNI capabilities with default SSL. – QMaster May 04 '20 at 11:07
  • Do not forget to Restart the site... (as I did) if you want this to work :) – Andrea Antonangeli Dec 20 '21 at 10:12
0

ts;dr: Ignore the warning.

It's 2022 and I was surprised to see this warning in a recently stood up Windows 2019 Server running IIS 10. Based on all major browsers supporting SNI for over 10 years, I think it's safe to say that you can simply disregard this warning.

TTT
  • 726
  • 4
  • 10
-1

If you currently have a * binding clear that out as well (and uncheck the require SNI box on that binding)

danekan
  • 101
  • 1