0

I'm using Windows 2008 Server and IIS7.

Suppose I have one SSL certificate for both foo.example.com and bar.example.com bound to port 443 of my server. I cannot change the certificate.

Suppose also that both foo.example.com and bar.example.com point to my server in DNS, and I cannot change the DNS settings.

Is there any way to configure IIS to reject all requests to https://foo.example.com? (Requests to https://bar.example.com should keep working.)

2 Answers

0

One option would be to simply create a website and bind it to the host header foo.example.com. Have this website simply be a page declaring access denied.

http://technet.microsoft.com/en-us/library/cc753195(WS.10).aspx
Nissan Fan
  • Thanks! Couldn't find a way to do this for HTTPS through the IIS7 management UI, but I tried the command-line approach in the article you pointed to and it seems to work. –  Oct 06 '09 at 18:15
0

The fact that the SSL certificate is valid for both URLs does not mean that the actual website in IIS has to have both sites bound to it. If you edit the Port 443 binding in IIS to include the hostname of https://foo.example.com, it will reject any and all requests from other host names, even if the other host names are specified on the certificate. Basically, the certificate is to confirm for the end user when they hit the site that they are hitting the right site; the certificate doesn't tell IIS what sites it must display, though.

Charles
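The host-header approach from both answers, as an added example that is not part of the original thread: a placeholder site takes foo.example.com on port 443, and the working site's HTTPS binding is narrowed to bar.example.com. It assumes the working site is named "Default Web Site" and currently has an HTTPS binding of `*:443:` with no host header; the site name "foo-denied" and its folder are hypothetical.

```batch
@echo off
rem Added example, run from an elevated command prompt.
rem Assumptions: "Default Web Site" is the site that must keep serving
rem bar.example.com and its HTTPS binding is currently *:443: (no host header).
rem "foo-denied" and C:\inetpub\foo-denied are hypothetical names.
setlocal
set APPCMD=%windir%\system32\inetsrv\appcmd.exe
set DENYROOT=C:\inetpub\foo-denied

rem 1. Content for the placeholder site: a single page declaring access denied.
if not exist "%DENYROOT%" mkdir "%DENYROOT%"
> "%DENYROOT%\index.html" echo Access denied

rem 2. Placeholder site bound to the foo.example.com host header on port 443.
rem    It uses the certificate already bound to port 443.
"%APPCMD%" add site /name:"foo-denied" /physicalPath:"%DENYROOT%" /bindings:https/*:443:foo.example.com
if errorlevel 1 exit /b 1

rem 3. Change the working site's HTTPS binding in place so that it only
rem    answers for bar.example.com instead of every host name on port 443.
"%APPCMD%" set site /site.name:"Default Web Site" /bindings.[protocol='https',bindingInformation='*:443:'].bindingInformation:*:443:bar.example.com
if errorlevel 1 exit /b 1

rem 4. Check the result: each site should list exactly one https binding
rem    with its own host name, and the port 443 certificate should still be
rem    registered with HTTP.sys.
"%APPCMD%" list site
netsh http show sslcert
```

Step 2 on its own implements the first answer; step 3 adds the restriction described in the second answer, so a request on port 443 for any host name other than the two bound ones no longer reaches the working site.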