13

enter image description here

I am trying to get both my sites running with their seperate certificates on a Windows Server 2012 R2.

Should this not be possible?

On the last added site www.c1get.net I get the certificate from the first site and a warning therefore.

Update

SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : fabae896e032f9ba08b389d8c9ecd33908fabe31
    Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    Certificate Store Name       : My
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Usage Check                  : Enabled
    Revocation Freshness Time    : 0
    URL Retrieval Timeout        : 0
    Ctl Identifier               : (null)
    Ctl Store Name               : (null)
    DS Mapper Usage              : Disabled
    Negotiate Client Certificate : Disabled

    IP:port                      : 100.88.158.59:443
    Certificate Hash             : 09ee7268be2509e3262dcae9df10563dce265bd3
    Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    Certificate Store Name       : MY
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Usage Check                  : Enabled
    Revocation Freshness Time    : 0
    URL Retrieval Timeout        : 0
    Ctl Identifier               : (null)
    Ctl Store Name               : (null)
    DS Mapper Usage              : Disabled
    Negotiate Client Certificate : Disabled

    Hostname:port                : owindemo.s-innovations.net:443
    Certificate Hash             : 09ee7268be2509e3262dcae9df10563dce265bd3
    Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    Certificate Store Name       : My
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Usage Check                  : Enabled
    Revocation Freshness Time    : 0
    URL Retrieval Timeout        : 0
    Ctl Identifier               : (null)
    Ctl Store Name               : (null)
    DS Mapper Usage              : Disabled
    Negotiate Client Certificate : Disabled

    Hostname:port                : demo009.s-innovations.net:443
    Certificate Hash             : 09ee7268be2509e3262dcae9df10563dce265bd3
    Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    Certificate Store Name       : My
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Usage Check                  : Enabled
    Revocation Freshness Time    : 0
    URL Retrieval Timeout        : 0
    Ctl Identifier               : (null)
    Ctl Store Name               : (null)
    DS Mapper Usage              : Disabled
    Negotiate Client Certificate : Disabled

    Hostname:port                : www.s-innovations.net:443
    Certificate Hash             : 09ee7268be2509e3262dcae9df10563dce265bd3
    Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    Certificate Store Name       : My
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Usage Check                  : Enabled
    Revocation Freshness Time    : 0
    URL Retrieval Timeout        : 0
    Ctl Identifier               : (null)
    Ctl Store Name               : (null)
    DS Mapper Usage              : Disabled
    Negotiate Client Certificate : Disabled

    Hostname:port                : www.c1get.net:443
    Certificate Hash             : fabae896e032f9ba08b389d8c9ecd33908fabe31
    Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    Certificate Store Name       : My
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Usage Check                  : Enabled
    Revocation Freshness Time    : 0
    URL Retrieval Timeout        : 0
    Ctl Identifier               : (null)
    Ctl Store Name               : (null)
    DS Mapper Usage              : Disabled
    Negotiate Client Certificate : Disabled
Poul K. Sørensen
  • 191
  • 1
  • 3
  • 14

2 Answers2

13

Answering this on behalf of Shane Madden and s093294

Shane: I wonder if the non-SNI bind on that IP is making a difference for some reason.. Any change if that binding is disabled?

s093294: Okay. That was the problem. I removed it with netsh http delete. Now I just need to figure out why it was there in the first place. Its an automated setup that deploys a machine on azure cloud services.

MichelZ
  • 11,008
  • 4
  • 30
  • 58
  • Had the same issue with Azure cloud service deploy and SNI config. I know it's very old quesiton, but any luck with figuring out what was the reason for default records in `netsh http sslcert`? – Sergey Litvinov Mar 02 '17 at 17:59
  • 2
    Let me more clear: Same problem on Windows Server 2016 with IIS10.0. obviously it's a some kind of BUG, If add a new SSL bind with IP (but no URL name) and certification, it will appeared: that certification will show on in different URL when you open it in the browser, no matter you delete that bind the problem still exists. You need check it by : `netsh http show sslcert` in command line, if you find out there is a IP address binding but not in you're IIS, that's it. And need to delete it by manually in command line :`netsh http delete sslcert ipport=[bind IP address]:[bind port]`. tired.... – qakmak Jul 11 '19 at 00:43
-1

I had the same issue, where SNI was not working. This answer corrected my issue. In addition, I removed my second SSL from IIS and re-completed it, re-bound, and restarted the IIS site. Great info.

You need check it by : netsh http show sslcert in command line, if you find out there is a IP address binding but not in you're IIS, that's it.

And need to delete it by manually in command line :

netsh http delete sslcert ipport=[bind IP address]:[bind port]

Stuggi
  • 3,366
  • 4
  • 17
  • 34