Changing the IP/port binding of a site that is configured to use a wildcard certificate causes other sites on the same server to fail.

Article ID: 2405568 - View products that this article applies to.
Expand all | Collapse all

Symptom

Consider the following scenario. You have an Internet Information Services (IIS) 7.0 web server that hosts multiple web sites, and all of the sites use the same IP address and port. For example, they all use the same wildcard SSL certificate and host headers. If you use the IIS Manager to delete or change the certificate mapping for one of the sites, the same deletion or change will occur for all of the sites. Additionally if you use the IIS Manager to delete a site, the other sites which use the same IP/port binding will no longer work as expected.

  

Cause

The problem occurs because the SSL certificate bindings specified by the Http.sys certificate configuration can only be registered using an IP/Port combination. This means that any site using the same IP/Port will have to use the same certificate regardless of the host name. This topic is described in the following blog post:

http://blogs.iis.net/thomad/archive/2008/01/25/ssl-certificates-on-sites-with-host-headers.aspx


The dilemma caused by this situation is how the Microsoft.Web.Administration (MWA) handles sites with the same IP/Port combination. If a site binding changes, for example by deleting the site or changing the certificate configuration, it will apply the change to all other sites that use that specific wildcard certificate.



Resolution

The problem only occurs when using the Microsoft.Web.Administration API to make the changes. For example, the problem occurs when using the IIS Manager, because the IIS Manager relies on the Microsoft.Web.Administration API. To avoid this problem, use the appcmd.exe tool to delete the site or certificate binding. The appcmd.exe tool does not use the Microsoft.Web.Administration API.


For example, to delete a site called MyWebsite, run the following appcmd.exe command:


appcmd.exe delete site "MyWebsite"
 




More Information

For more information on the appcmd.exe tool, please see the following documentation:



http://learn.iis.net/page.aspx/114/getting-started-with-appcmdexe






Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2405568 - Last Review: September 9, 2010 - Revision: 4.0
APPLIES TO
  • Microsoft Internet Information Services 7.0
Keywords: 
KB2405568

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com