Reputation: 3
IIS 7.5 SSL https - wrong site appears when calling other site
IIS 7.5
non-ssl-test.com is port 80 only, secure-site.com is port 443 only
Both work if called correctly: http://non-ssl-test.com & https://secure-site.com
But if I call https://non-ssl-test.com and accept the certificate warning the content of secure-site.com appears.
WTF, I want https://non-ssl-test.com to fail !
Upvotes: 0
Views: 398
Answers (2)
Reputation: 63295
That's exactly how IP mapping works when SSL/TLS handshakes happen.
https://www.jexusmanager.com/en/latest/tutorials/https-binding.html#ip-based-bindings
As IIS 7.x does not have SNI, all HTTPS requests go to the IP based mapping. Web browsers see the certificate you bind there, and display whatever warnings/errors they would like to. TLS handshake happens so early and the browsers prompt immediately, so you have no way on IIS to avoid the prompt.
If you want https://non-ssl-test.com to fail completely, you have to modify the site bindings to have no IP based SSL binding at all. Like the other answer indicate, that usually means another IP address is needed,
- bind the two sites to different IP addresses.
- bind the certificate to the IP address you like, but not the other.
Then HTTPS requests to the second IP without any certificate, would fail as you wished.
Upvotes: 0
Related Questions
- IIS url rewrite to https for multiple domains, but not all
- IIS redirect to HTTPS changes the URL
- SSL certificate in IIS for one site, all sites responds to https request
- IIS 7 Non SSL site loading certificate of another site's
- IIS 7 URL rewrite rules seem to be working one time only
- IIS 7 adding SSL to one site, all other sites responds to https request
- IIS 7.0 redirecting https to http
- HTTPS affecting multiple http sites on IIS7
- Two site, one with https on IIS 7 problem
- SSL page redirecting to SSL page on another server