Hi,

I'm pulling my hair out a little bit over an issue we're having on one of our project environment servers. I'm trying to run 2 different versions of our site, from 2 different code bases. The site has a secure and a non secure area.

I can, as expected, create as many non secure sites as I wish.

The problem I'm having is that I can't seem to get the two secure sites to each co-exist on the same box.

I have created certificates using SelfSSL for each site. Each site, as you'd expect, is on its own port, 443 and 444 respectively.

I'm finding that once I've got secure site A running then secure site B stops working, despite having its own certificate. Then when I fix site B, site A stops working.

Any suggestions?

An example of my SelfSSL command used is here:

C:\Program Files\IIS Resources\SelfSSL>selfssl /T /V:600 /S:162950877 /P:444 /N:CN=SITEREFRESH

The server is running Windows Server 2003 so I think it will be IIS5.

Ben

A: 

Why not re-use the same certificate on both sites? Any SSL certificate is meant to identify a host (server), not sub-instances of a server that run on different ports (but the same hostname/FQDN).

It's entirely likely that IIS is seeing a collision between the same identity being used in two different certificates, and refuses to leave both sites running that attest to the same identity with different certs. Under production circumstances, this could be thought of as an attempt to spoof the server's identity with another cert, which would cause security geeks to shudder and run screaming from the room.

ParanoidMike
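
To see which certificate each port actually presents while the problem is occurring, here is an added PowerShell example (not part of the original question or answer). Ports 443 and 444 come from the question; the host name `server.example` and the function name `Get-ServedCertificate` are assumptions. Certificate validation is switched off because the certificates are self-signed, so the code is for inspection only.

```powershell
# Added example. $server is a placeholder: use the name clients connect with.
$server = 'server.example'
$ports  = 443, 444          # the two SSL ports from the question

function Get-ServedCertificate {
    param([string]$HostName, [int]$Port)
    $row = @{ Port = $Port; Subject = $null; Thumbprint = $null; NotAfter = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate so self-signed ones can be read.
        # Inspection only: never disable validation in real client code.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $row.Subject    = $cert.Subject
            $row.Thumbprint = $cert.Thumbprint
            $row.NotAfter   = $cert.NotAfter
        } finally { $ssl.Close() }
    } catch {
        # A site that is stopped or has lost its binding shows up here.
        $row.Error = $_.Exception.Message
    } finally { $client.Close() }
    New-Object PSObject -Property $row
}

$results = @($ports | ForEach-Object { Get-ServedCertificate -HostName $server -Port $_ })
$results | Format-Table Port, Subject, Thumbprint, NotAfter, Error -AutoSize

$answered = @($results | Where-Object { $_.Thumbprint })
$distinct = @($answered | Select-Object -ExpandProperty Thumbprint -Unique)
if ($answered.Count -lt $ports.Count) {
    'At least one port did not complete a TLS handshake; see the Error column.'
} elseif ($distinct.Count -gt 1) {
    'The ports present different certificates for the same host name.'
} else {
    'Both ports present the same certificate.'
}
```

Running it once after fixing site A and again after fixing site B shows whether the other port stops answering or starts presenting a different certificate.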