0

I am running a server with several websites on IIS. The websites use host names, have bindings for http and https in order to redirect http to https using URL rewrite, and use SSL without any problems.

I have created a new website running WordPress multisite configured for subdomains. The site has its own wildcard SSL certificate. My assumption was (I tested this on http and it worked fine) that adding a binding for "any" host header with 443 (there is no other site bound to no host header, the default website was deleted) with the wildcard SSL would handle subsites created on WordPress. This would make adding separate bindings for each subsite unnecessary.

However, if I enable this configuration, all of the other sites on the machine start producing SSL errors, saying they are bound to the wildcard SSL certificate instead of their own certificate. The option that introduces the error is the binding without host header to port 443.

I am aware that I can use wildcard bindings in IIS10 (the machine in question is running IIS8.5) but before I consider upgrading, am I missing something?

Robert de Graaff
  • 1
  • First you need to learn how Windows HTTP API handles certificate mappings, https://docs.jexusmanager.com/tutorials/https-binding.html As you are on IIS 8.5, you should be able to fully utilize SNI. Once you are sure mappings are OK, then you can go back to site bindings. – Lex Li Sep 04 '19 at 19:09
  • My conclusion is that sni is only available when a hostname is specified, and as soon as a site without a hostname is encountered it takes precedence over the other sites that are configured for sni. – Robert de Graaff Sep 05 '19 at 20:25

0 Answers0