Swomble

Reputation: 909

IIS 7 and SSL wildcard certificate

I have an unsecured domain and want to create a secured sub-domain on the same IP address, running Windows Server 2008 and IIS 7.

So I've purchased a wildcard SSL certificate for *.mydomain.co.uk and installed it fine on the server. It appears under the server certificates correctly.

I've set up the subdomain with an HTTP binding for testing purposes and everything works fine - so it's not a problem with IIS. I then add an HTTPS binding for the subdomain on the normal 443 port and, because I've named the certificate *.mydomain.com, the hostname box is enabled for me in the UI. So I set up the HTTPS binding, remove the HTTP binding, and restart the website and IIS. When I browse to www.mydomain.com that works fine - but when I browse to https://subdomain.mydomain.com I get a browser fault saying it can't find the server.

Any help would be much appreciated.

Upvotes: 1

Views: 4196

Answers (4)

Dimestore Cowboy

Reputation: 329

It can be a pain to figure this one out, but one thing to look for is

But make sure that the identity for the app pool used for the subdomain has permissions to the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder.

Upvotes: 0

Bryan H

Reputation: 1

I was able to do this with A records, not CNAME. I do not have Require SSL ticked. I used URL Rewrite instead:

    <rule name="redirect to https" stopProcessing="true">
      <!-- "url" is matched against the request path only (no scheme or host),
           so the pattern must be "(.*)" rather than "http://(.*)" -->
      <match url="(.*)" />
      <conditions>
        <!-- only redirect requests that arrived over plain HTTP -->
        <add input="{HTTPS}" pattern="^OFF$" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
    </rule>

You also need to setup SSL Host Headers on all secure subdomains using the wildcard certificate.

appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

Upvotes: 0

Swomble

Reputation: 909

OK figured it out - as normal it was a multitude of problems not just one.

First was a firewall issue - the server is running on Amazon EC2 and the security group was set up to block HTTPS traffic on port 443.

Second up was indeed the DNS. Although the sub-domain was browsable WITHOUT a CNAME record when using HTTP binding, an explicit CNAME record seems to be required when using HTTPS. Don't ask me why.

The sub-domain in question is for an IFrame Facebook app. It rendered fine in IE and Chrome but Firefox threw up the ssl_error_renegotiation_not_allowed error. This was due to the SSL settings in IIS - Require SSL needs to be unticked, or ticked with Client Certificates set to Ignore.

Phew - glad it's up and running now.

Upvotes: 1

Marc B

Reputation: 360762

Check your DNS setup and make sure you've got an A or CNAME record for subdomain.mydomain.com.

Just having your webserver set up to handle a particular domain name doesn't mean the hostname/domain actually exists - the DNS system must be configured for it as well.

Upvotes: 0
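The self-answer above found three separate causes (a security group blocking 443, a missing DNS record, and an SSL setting), and Marc B's answer makes the DNS point independently. The following is an added example, not code from the question or from any of the answers: a client-side diagnostic that checks those layers in order for a hostname, so "can't find the server" can be attributed to DNS, to the firewall, or to TLS rather than guessed at. It also implements the wildcard-matching rule that decides whether a certificate for *.mydomain.co.uk covers a given name: a leading `*` stands for exactly one DNS label, so it covers `subdomain.mydomain.co.uk` but neither the apex `mydomain.co.uk` nor `a.b.mydomain.co.uk`. The hostnames in the comments and in the constructed sample certificate are placeholders; the script uses only the Python standard library.

```python
"""Diagnose https://<host> failures layer by layer: DNS, TCP 443, then TLS.

Added example; hostnames used here (e.g. subdomain.mydomain.co.uk) are
constructed placeholders, not the asker's real domain.
"""
import socket
import ssl
import sys


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname using RFC 6125 rules.

    A leading "*." covers exactly one DNS label, so "*.mydomain.co.uk" covers
    "subdomain.mydomain.co.uk" but not "mydomain.co.uk" (the apex) and not
    "a.b.mydomain.co.uk" (two labels). Comparison is case-insensitive.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Reject "*.tld"-style patterns outright; a full public-suffix check is
    # out of scope for this example.
    if len(p_labels) < 3:
        return False
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_covers_hostname(cert: dict, hostname: str) -> bool:
    """Check the certificate's DNS SANs (falling back to CN) against hostname.

    `cert` has the shape returned by ssl.SSLSocket.getpeercert().
    """
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:  # legacy certificates with no SAN extension
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return any(wildcard_matches(name, hostname) for name in names)


def check_dns(hostname: str) -> list:
    """Return the addresses the hostname resolves to ([] if it does not resolve)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(hostname, 443)})
    except socket.gaierror:
        return []


def check_port(hostname: str, port: int = 443, timeout: float = 5.0) -> bool:
    """True if a TCP connection to the port succeeds (a firewall block shows up here)."""
    try:
        with socket.create_connection((hostname, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_tls(hostname: str, port: int = 443, timeout: float = 5.0) -> str:
    """Complete a TLS handshake and report whether the served cert covers hostname."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # matched manually below so the reason can be reported
    ctx.verify_mode = ssl.CERT_REQUIRED
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except (OSError, ssl.SSLError) as exc:
        return f"TLS handshake failed: {exc}"
    if cert_covers_hostname(cert, hostname):
        return "OK: certificate covers " + hostname
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return f"certificate does not cover {hostname}; names present: {sans}"


def diagnose(hostname: str) -> str:
    """Run the three checks in order and stop at the first failing layer."""
    addrs = check_dns(hostname)
    if not addrs:
        return "DNS: no A/CNAME record resolves " + hostname
    if not check_port(hostname):
        return f"TCP: {hostname} ({addrs[0]}) resolves but port 443 is unreachable"
    return "TLS: " + check_tls(hostname)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "subdomain.mydomain.co.uk"
    print(diagnose(target))
```

Run it as `python diagnose.py subdomain.mydomain.co.uk` from a machine outside the server's network. The order matters: a hostname that does not resolve never reaches the port check, and a blocked security group never reaches the handshake, which is why the asker's HTTP test could pass (the HTTP binding was on a port the security group allowed, and the name resolved via a different path) while HTTPS looked like a missing server.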
