Changing the IP/port binding of a site that is configured to use a wildcard certificate causes other sites on the same server to fail.


Consider the following scenario. You have an Internet Information Services (IIS) 7.0 web server that hosts multiple web sites, and all of the sites use the same IP address and port. For example, they all use the same wildcard SSL certificate and host headers. If you use the IIS Manager to delete or change the certificate mapping for one of the sites, the same deletion or change will occur for all of the sites. Additionally, if you use the IIS Manager to delete a site, the other sites that use the same IP/port binding will no longer work as expected.



The problem occurs because the SSL certificate bindings specified by the Http.sys certificate configuration can only be registered using an IP/Port combination. This means that any site using the same IP/Port will have to use the same certificate regardless of the host name. This topic is described in the following blog post:

The dilemma caused by this situation lies in how the Microsoft.Web.Administration (MWA) API handles sites with the same IP/Port combination. If a site binding changes, for example because the site is deleted or its certificate configuration is changed, MWA applies the change to all other sites that use that specific wildcard certificate.


The problem only occurs when using the Microsoft.Web.Administration API to make the changes. For example, the problem occurs when using the IIS Manager, because the IIS Manager relies on the Microsoft.Web.Administration API. To avoid this problem, use the appcmd.exe tool to delete the site or certificate binding. The appcmd.exe tool does not use the Microsoft.Web.Administration API.

For example, to delete a site called MyWebsite, run the following appcmd.exe command:

appcmd.exe delete site "MyWebsite"
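
The following PowerShell script is an added example, not part of the original article. It lists which other sites share the Http.sys IP/port certificate binding of the site you are about to remove, deletes the site with appcmd.exe only when asked, and then shows the binding again so you can confirm it is still registered. Assumptions: PowerShell 2.0 or later; the function names and the -Delete switch are hypothetical; the sample XML is constructed data in the shape of "appcmd.exe list site /xml" output and is used only when appcmd.exe is not found.

```powershell
# Added example (not from the original article). Assumes PowerShell 2.0 or later.
param([string]$SiteName = 'MyWebsite', [switch]$Delete)

$appcmd = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'
# Constructed sample data in the shape of `appcmd.exe list site /xml` output,
# used only when appcmd.exe is not present on this machine.
$sampleXml = @'
<appcmd>
  <SITE SITE.NAME="MyWebsite" SITE.ID="2" bindings="http/*:80:my.example.com,https/*:443:my.example.com" state="Started" />
  <SITE SITE.NAME="Shop" SITE.ID="3" bindings="https/*:443:shop.example.com" state="Started" />
  <SITE SITE.NAME="Intranet" SITE.ID="4" bindings="https/10.0.0.5:443:" state="Started" />
</appcmd>
'@

# Emit one object per HTTPS binding, keyed by the IP:port that Http.sys registers.
function Get-HttpsEndpoint([xml]$SiteXml) {
    foreach ($site in $SiteXml.SelectNodes('/appcmd/SITE')) {
        foreach ($b in $site.GetAttribute('bindings').Split(',')) {
            if ($b -match '^https/(.*):(\d+):([^:]*)$') {
                New-Object PSObject -Property @{
                    Site = $site.GetAttribute('SITE.NAME')
                    IpPort = '{0}:{1}' -f $matches[1], $matches[2]
                    HostHeader = $matches[3]
                }
            }
        }
    }
}

# Show the Http.sys certificate record; Http.sys stores a wildcard IP (*) as 0.0.0.0.
function Show-SslCert([string]$IpPort) {
    netsh http show sslcert ('ipport=' + ($IpPort -replace '^\*', '0.0.0.0'))
}

$live = Test-Path $appcmd
$xmlText = if ($live) { & $appcmd list site /xml | Out-String } else { $sampleXml }
$endpoints = @(Get-HttpsEndpoint $xmlText)
$mine = @($endpoints | Where-Object { $_.Site -eq $SiteName })

foreach ($ep in $mine) {
    $others = @($endpoints | Where-Object { $_.IpPort -eq $ep.IpPort -and $_.Site -ne $SiteName } | ForEach-Object { $_.Site })
    '{0} binds {1}; sites sharing that certificate binding: {2}' -f $SiteName, $ep.IpPort, ($others -join ', ')
    if ($live) { Show-SslCert $ep.IpPort }
}

# Delete with appcmd.exe (the article's command), then confirm the shared binding survived.
if ($Delete -and $live) {
    & $appcmd delete site $SiteName
    foreach ($ep in $mine) { Show-SslCert $ep.IpPort }
}
```

Run it without -Delete first to see which sites depend on the same binding; the netsh output after the delete should still list the certificate hash for that IP/port.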

More Information

For more information on the appcmd.exe tool, please see the following documentation: