1

On a dev server with one IP I have several domains and sites and they have been working fine coexisting with different SSL certs. When adding a new dev site and binding it to SSL I accidentally saved the binding without the [ ] Require Name Server Indication.

Now I cannot undo it simply by turning it on. What is happening is that the last domain saved (with checkbox off) wins for all sites on the server. If I last uncheck it for abc.com, it breaks xyz.com; I can make the same mistake on xyz.com and it breaks abc.com. It doesn't recover by going back and marking the checkbox.

How can I recover?

I have stepped through each site with SSL and see the checkbox on, and even toggled each from the needed cert to the IIS dev cert and back, but after doing all that the issue still persists.

phoenixAZ
When you say "the last site wins", do you mean if you have site A with SNI not checked, but site B is checked, then if a user navigates to site B, then IIS will redirect them to site A? Is that what you mean? – Vincent, Mar 17 '23 at 00:39

1 Answer

0

I downloaded and used Jexus, which under HTTP API shows certs mapped to the IP address; in that tool I could delete it. Now the IIS sites seem to be respecting the server name indication.

HTTP API is one of the icons found on the top level IIS pane. It would be in the list as a port 443 cert on the IP Based tab. Delete that one.

phoenixAZ
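The same check without a third-party tool, as an added example that is not part of the original answer: this PowerShell sketch parses `netsh http show sslcert` output and flags IP:port bindings that share a port with SNI (Hostname:port) bindings. It assumes the entry shown on the IP Based tab is the one Windows lists as `IP:port`; the sample output, IP address and hashes are constructed placeholders.

```powershell
# Constructed sample of `netsh http show sslcert` output; the IP, hosts and
# hashes are placeholders. On a real server use: $raw = netsh http show sslcert
$raw = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 192.0.2.10:443
    Certificate Hash             : PLACEHOLDER_HASH_DEV_CERT
    Certificate Store Name       : My

    Hostname:port                : abc.com:443
    Certificate Hash             : PLACEHOLDER_HASH_ABC
    Certificate Store Name       : My

    Hostname:port                : xyz.com:443
    Certificate Hash             : PLACEHOLDER_HASH_XYZ
    Certificate Store Name       : My
'@ -split '\r?\n'

# Turn the text into one object per binding (IP-based or SNI/hostname-based).
function Get-SslBinding {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)\s*$') {
            if ($current) { $current }          # emit the previous binding
            $kind, $endpoint = $Matches[1], $Matches[2]
            $current = [pscustomobject]@{
                Kind     = $kind
                Endpoint = $endpoint
                Port     = [int]($endpoint -replace '^.*:', '')
                CertHash = $null
            }
        } elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*(\S+)') {
            $current.CertHash = $Matches[1]
        }
    }
    if ($current) { $current }
}

$bindings = @(Get-SslBinding -Lines $raw)
$sniPorts = @($bindings | Where-Object { $_.Kind -eq 'Hostname:port' } | ForEach-Object { $_.Port })
# An IP:port entry on a port that also carries SNI bindings is the candidate to review.
$suspects = @($bindings | Where-Object { $_.Kind -eq 'IP:port' -and $sniPorts -contains $_.Port })

$bindings | Format-Table Kind, Endpoint, CertHash | Out-String
foreach ($b in $suspects) {
    "Review: IP-based binding $($b.Endpoint) shares port $($b.Port) with SNI bindings."
    "  To remove it (elevated prompt): netsh http delete sslcert ipport=$($b.Endpoint)"
}
```

The script only prints the delete command; confirm that no site is meant to use the IP-based binding before running it.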