0

We have two sites/applications in IIS:

  1. www.corpsite.com
  2. accounts.corpsite.com

As you can see the accounts app has the same TLD and is the only application/site on the server that makes use of an SSL.

Problem:

Browsing to https://www.corpsite.com redirects us to https://accounts.corpsite.com, which it shouldn't. We don't make use of SSL on the www.corpsite.com site, only on the accounts site.

Screenshots:

If you look at the screentshot named www.corpsite.com.gif you'll see that there's no certificate configured on the site.

enter image description here

The accounts.corpsite.com site on the other hand has the certificate installed.

enter image description here

Anyone able to help?

Thanks, Jacques

Jacques
  • 197

2 Answers2

3

Remove the https binding (443) from the site www.corpsite.com.

As a best practice, use a catch-all binding on your main site (as in port 80 without any host header), and specify the host header on your secondary sites.

Note that host headers on SSL is extremely limited in terms of support out there, so even if IIS on 2003 supports it I wouldn't bother to set it up. If you need SSL on more than one site in the future you should add another IP, or move the application to a virtual directory under your main site.

EDIT: I was wrong, very wrong

http://en.wikipedia.org/wiki/Server_Name_Indication

Seems like every major browser out there supports this now, so I guess the world has moved on since I last checked a few years ago! According to Microsoft, IIS Windows 2003 SP1 and later supports host headers on SSL binding, by using certain command-line tools. Note that you need a wilcard certificate to make it work.

pauska
  • 19,766
1

It sounds like you have the sites on the same IP? Use Host Headers on both sites with the correct name on each.

mfinni
  • 36,892