3

We have a Win 2008 server running IIS7. The webserver runs several sites, one of which requires SSL for its e-commerce / data-capture components:

  • www.domainA.com :80 & 443
  • www.domainB.com :80
  • www.domainC.com :80
  • www.domainD.com :80

I have installed a certificate for domainA and added an HTTPS/443 binding for the www.domainA.com website. However, if I try to access https://www.domainB.com, I am shown the content from the domainA site.

How can I prevent all sites using the 443 binding from domainA? When I add the certificate to the binding, I am unable to set the hostname. If I use appcmd to set a hostname, the site gets 2 bindings and access via SSL doesn't work.

Only domainA should allow access on port 443 and other sites should refuse the connection.

Thanks James

James Costerton
  • 43
  • 5

1 Answers1

3

SSL starts connection BEFORE any HTTP header is sent - so clearly the server has now way of distinguishing what domain this connection is for until SSL connection is established.

Your binding is correct - the other sites are NOT bound to port 443... but by the time the SSL connection is established and the first HTTP header is sent it is already on the IP address (the name has been resolved via DNS).

As to a solution:

To circumvent what you see you need to bind domainA.com to a different IP address than the rest (and modify DNS accordingly).

Yahia
  • 69,653
  • 9
  • 115
  • 144
  • Thanks for the reply. I presumed it would require a dedicated IP for the SSL site but just wanted to make sure I wasn't missing a trick. – James Costerton Nov 13 '11 at 20:15
  • 1
    @JamesCosterton you are welcome :-) please don't forget to mark as accepted any answer that was of help (see http://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work). – Yahia Nov 13 '11 at 20:17