SSL Configuration Issue on IIS 6

Question

Need help with this odd issue.

I installed an SSL Certificated from GoDaddy for a site hosted on our server (lets call this example.com). This is a Windows 2003 Server with IIS 6 with several domains hosted on it. The SSL installed properly.

However, now if I type any url of a different domain (say example.org) hosted on this same server with HTTPS, I get the following error in Chrome:

Your connection is not private

Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards).

NET::ERR_CERT_COMMON_NAME_INVALID

Firefox will also give similar errors.

example.org has no SSL associated with it and there are no other SSL Certificates for any other sites either. I am at a loss as to how ALL sites on the server are loading with SSL. Funny thing is that clicking on the link in browser error loads the Site to which SSL is assigned, but URL remains the same.

Ex. I type https://example.org (NO SSL Associated with this site) and type enter I see the error above If I click on Proceed to example.org (unsafe), it takes me to https://example.org but the content loads for domain example.com which has the SSL certificate bound to it.

I have checked Metabase for Bindings and seems clean. I have deleted the SSL certificate and installed a fresh one issued from Godaddy Tried deleting the site from IIS and recreating the whole thing but still no difference. No other site has any host headers for SSL Port 443

Any ideas on how this can be resolved so that ALL Sites don't load on SSL? Thanks in advance.

Answer 1

1. Go to IIS Manager.
2. Open property page of website where you dont need SSL (example.org as mentioned in question) by right click on website and select properties.
3. Go to directory security tab
4. Click Edit button located in ottom section of tab.
5. Verify if very first checkbox called "Require secure channel(SSL)" is UNCHECKED.