2 hosts with different domain names on the same server, how to make both support TLS 2.0?


#1

On my ECS server (Win2008 R2 Standard, IIS 7.0), there are 2 hosts with different domain names, e.g. www.A.com and www.A.fun.

I use the tool “letsencrypt-win-simple.V1.9.3” to generate the certificate.

My problem is that if https://www.A.com works well, then https://www.A.fun can’t work, or if https://www.A.fun works well, then https://www.A.com can’t work; it seems they can’t be available at the same time.

How can I configure this to make both hosts support TLS 2.0?

Thanks


#2

Win2008 does not support Server Name Indication.

See here:

Microsoft IIS Web server Yes Since version 8 2012

So you can only use one certificate per IP-Address.


#3

Although @JuergenAuer pointed out that you can’t use SNI, you can get a single certificate that covers all of the names that you need. Let’s Encrypt certificates can cover up to 100 names per certificate.


#4

Thanks for your kind help.

If I use only one certificate to cover these two hosts, could they both support TLS 2.0 at the same time?

I use the tool “letsencrypt-win-simple.V1.9.3” and choose the option “A: Get certificates for all host”,
but I can still only make one host work well.

Thanks


#5

Hi schoen, thanks for the reply.
As you mentioned, “Let’s Encrypt certificates can cover up to 100 names per certificate.”

Does it mean Let’s Encrypt can solve my problem?
I use the tool “letsencrypt-win-simple.V1.9.3” and choose the option “A: Get certificates for all host”,
but it still failed.

Thanks


#6

There is no TLS 2.0. Actually, there is TLS 1.2; TLS 1.3 is coming.

I don’t know what “letsencrypt-win-simple.V1.9.3” is doing. It should support more than one domain name in one certificate.

Let’s Encrypt supports that. But “letsencrypt-win-simple.V1.9.3” must also support that.

“Get certificates for all host” sounds like “10 hosts -> 10 certificates”. That will not work.

On Win2008, I used only one *-certificate. Now I use Win2012 with SNI-Support.
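
Added example, not part of the original thread or of any tool mentioned in it: without SNI the server presents a single certificate per IP address and port, so every hosted name has to appear in that certificate's subjectAltName list, either literally (reply #3) or under a wildcard (reply #6). The Python code below checks that; the host names and certificate dicts are constructed placeholders and the function names are hypothetical.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS subjectAltName entries from a dict shaped like ssl.getpeercert()."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a wildcard that replaces only the whole left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        # "*.a.example" covers "www.a.example", not "a.example" or "x.www.a.example"
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return False

def uncovered_hosts(cert, hosts):
    """Hosts served from one IP:port that the single presented certificate misses."""
    sans = san_dns_names(cert)
    return [h for h in hosts if not any(name_matches(p, h) for p in sans)]

def fetch_cert_without_sni(ip, port=443, timeout=5.0):
    """Handshake without SNI, so the server must pick a certificate by IP:port alone."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # no hostname to compare; the chain is still validated
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:  # no server_hostname => no SNI extension
            return tls.getpeercert()

# Constructed sample data (placeholder names, not the poster's real domains).
HOSTS = ["www.a.example", "www.a.test"]
CERT_ONE_NAME = {"subjectAltName": (("DNS", "www.a.example"),)}
CERT_TWO_NAMES = {"subjectAltName": (("DNS", "www.a.example"), ("DNS", "www.a.test"))}
CERT_WILDCARD = {"subjectAltName": (("DNS", "*.a.example"), ("DNS", "a.example"))}

if __name__ == "__main__":
    for label, cert in [("one name", CERT_ONE_NAME), ("two names", CERT_TWO_NAMES),
                        ("wildcard", CERT_WILDCARD)]:
        print(label, "-> uncovered:", uncovered_hosts(cert, HOSTS))
```

To check a live server, pass the result of `fetch_cert_without_sni("<server IP>")` to `uncovered_hosts` together with the list of names hosted on that address.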


#8

Hi JuergenAuer, I very much appreciate your quick response. It seems maybe the most effective way to solve this problem is to upgrade the system.

Thanks again!


#9

In order to diagnose failures, we need to see the exact error message because there are many different reasons that something could fail.

I would also suggest using the most current version of this client application, which has a new name


#10

Hi schoen, thanks for the guidance. I used the latest tool you mentioned and fixed the problem already.

Thanks again! 🤩

