Re: multiple certificates

From: Stephen L Nicoud (nicouds@hotmail.com)
Date: 03/12/03


From: "Stephen L Nicoud" <nicouds@hotmail.com>
Date: Tue, 11 Mar 2003 18:11:00 -0500


For the site with SSL on port 444 are you accessing this way:

https://yourservernamehere:444/

You have to add the port number if you are using anything other than the default of 443.

Since most folks (users, developers and admins) don't like to do that most administrators just set up each SSL site with its own unique IP address and let the default port of 443 govern.

"Sam" <sam@amengual.net***> wrote in message news:064b01c2e7ce$3f68fec0$a301280a@phx.gbl...
> Hi BB.
>
> Your analysis is correct.
>
> The certificate you get accessing the second site is from
> the first site.
>
> There are 2 certificates installed in the different sites
> in IIS, I changed the IP address in proporties of each
> site from <all unassigned> to the actual IP address and
> changed the SSL port for secure to 444 (the first site is
> defaulted on 443).
>
> After restarting the websites the problem stayed the same.
> I restarted IIS and the problem stays the same!
>
> I have a feeling that somehow the first certificate is
> taking priority....
>
> Please help me again!
> Sam
> >-----Original Message-----
> >When you deploy second cert, is it binding on
> >difffernt IP or ports ?
> >
> >the reason you get those prompt, because the
> >url and the cert common name not matching.
> >
> >click to view what cert was retrieve and
> >company with the url you visiting.
> >
> >I suspect that you accessing the 2nd sites
> >but the 1st cert was retrieved.
> >
> >to solve this, ensure you running 2 certs
> >either on same IP diff ports or 2 different
> >IPs. SSL default port is 443.
> >
> >
> >Rgds.
> >
> >
> >"Sam" <sam@amenguat.net****> wrote in message
> >news:00c501c2e6eb$c9672b80$3401280a@phx.gbl...
> >> Hi,
> >>
> >> We run a webservers with IIS 5 and are hosting various
> >> domains. For one customer I installed a 40 bits Verisign
> >> certificate (1024) and that worked OK.
> >>
> >> I installed another certificate for a new site and ran a
> >> test by putting a simple default.htm in the secure
> >> directory and tried to access it.
> >>
> >> Imagine my surprise when I got a warning that the name
> did
> >> not match the website and was redirected to the secure
> >> section of the first site. I checked the certificate at
> >> the warning and it was the certificate for the first
> site.
> >>
> >> The certificates are installed in two different webs and
> >> have a different folder structure.
> >>
> >> Anyone saw this before? KB, Technet and Verisign do not
> >> give me any hints!
> >>
> >> Thanks and regards,
> >> Sam
> >
> >
> >.
> >



Relevant Pages

  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... Your cert is barfing due to the fact that the names do not match. ... some weird certificate error now though...if you want to see it ... As pointed out by others, port 80 does NOT need to be open, and yes, ... record pointing that to your SBS, and you have port 443 open and ...
    (microsoft.public.windows.server.sbs)
  • Re: Microsoft Direct Push / Active Sync - cant get it working
    ... Great to hear that you got it all working on port 80! ... Sorry I'm not too familiar with the way SSL certificates are created and installed, so I can't be much help from here on out. ... I decided to see if I could get an SSL cert in place, ...
    (microsoft.public.pocketpc)
  • Re: Failure installing SSL certificate on SBS2003PremSP1 (incl. IS
    ... I decided to purchase a CA SSL key and replace the self cert on ... Basically I think the SBS web listener needs to be ... since both are working off the same certificate store. ...
    (microsoft.public.windows.server.sbs)
  • Re: 400 Bad Request Error
    ... Thanks for the reply,it does not look like the partner is using 2 different ... I have that cert imported into my trusted people certificate store for the ... I tried adding a client cert and without one and it is the same result.I do ... use a SSL connection on a different certificate. ...
    (microsoft.public.biztalk.server)
  • Heads Up: SSL defeated in IE and Konqueror
    ... SSL defeated in IE and Konqueror ... VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, ... tricky site owner signs an intermediate cert with another valid cert, ...
    (comp.os.linux.security)