Ssl – ‘Same HTTPS binding’ error using IIS

iisiis-8.5sslssl-certificate

I'm an experienced developer who is relatively new to IIS. I have a VPS with a dozen websites.

I previously set up an SSL certificate on one of those sites and it works fine. Today, I'm trying to setup a new SSL certificate on another website. But when I attempt to create bindings that use HTTPS, I get an error.

At least one other site is using the same HTTPS binding and the binding is configured with a different certificate. Are you sure that you want to reuse this HTTPS binding and reassign the other site or sites to use the new certificate?

I'm not sure what the issue is. My other HTTPS site is using a different certificate.

enter image description here

Best Answer

If you only have one IP address, you need to set all sites that are using HTTPS to require Server Name Identification so that IIS knows what cert to use for clients connecting to which site. Either each site needs to use SNI, or you must use different ports, or different IP addresses.

By default most webservers assume that if you're coming to them with HTTPS, you want the main site, and they'll happily serve that to you and rely on you to make sure the cert matches the domain. When you're hosting multiple sites over TLS/SSL, there's no way for the server to send you the proper certificate if you don't supply any information about what you're expecting. SNI is a TLS extension which allows a client to say "Hi, I'm looking for https://unitconversions.net" and a server to go "Thanks, here's the cert for that site, and have a good connection."

The warning you're seeing is IIS making sure you don't break your other sites that are listening on all IP addresses for inbound HTTPS connections.

More information about the IIS implementation of SNI can be found HERE.