Only one certificate can be used for a given IP address and port combination

In my IIS I get this - Only one certificate can be used for a given IP address and port combination.
I have multiple sites on the same IP (and port 443).
What can be done?

Wow!
What version of IIS?

But to answer your question "What can be done?"
SNI solves that problem by allowing the same IP and port to service multiple names (each of which can have its own certificate).

Have a look at this: https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO20112&actp=search&viewlocale=en_US&searchid=1435162914930

1 Like

…or SANs solve that problem by putting more than one name on a single certificate.

Yes, SANs would allow many names to be served by the one IP and port connection.
But that may not completely solve this problem if different names need to go to different folders (on the same IP and port).

hi @usersflow

When you say you have multiple sites, what do you actually mean?

And please take the time to articulate, as it will impact the correctness of the responses.

Is it one web application with multiple DNS names associated with it?

Or

Is it multiple individual web applications, each with a DNS name?

Andrei

Many thanks to all of you for the replies,

First - it is IIS 8.5 (on Win 2008R2).
Second - It is the case of many different domains (which I develop for many customers) that I host on this server (and each of those sites has a different root directory).

And Third - and most important - I’ll now go and check the SNI since SAN is not supported (and as I understood - not meant to be supported) by Let's Encrypt.

What do you mean by not supported? Let's Encrypt certificates can support up to 100 names. Unless you need wildcards, few CAs match that (and not cheaply).

You can indeed only attach one certificate to an IP address. You must attach the other certificates to the web sites in IIS Manager instead. This explains how.

1 Like
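A scripted version of the per-site SNI binding described in the post above, as an added example that is not part of the original thread. It assumes IIS 8 or later with the WebAdministration module; the site names, host names and thumbprint placeholders are constructed and must be replaced with your own values.

```powershell
# Added example: one SNI-enabled HTTPS binding per site, all on the same IP and port 443.
# Site names, host names and thumbprints below are constructed placeholders.
Import-Module WebAdministration

$sites = @(
    @{ Site = 'CustomerA'; HostName = 'www.customer-a.example'; Thumbprint = '<THUMBPRINT-A>' },
    @{ Site = 'CustomerB'; HostName = 'www.customer-b.example'; Thumbprint = '<THUMBPRINT-B>' }
)

foreach ($s in $sites) {
    # The certificate must already be installed in the LocalMachine\My store.
    $cert = Get-Item "Cert:\LocalMachine\My\$($s.Thumbprint)" -ErrorAction SilentlyContinue
    if (-not $cert) {
        Write-Warning "No certificate $($s.Thumbprint) in LocalMachine\My; skipping $($s.HostName)"
        continue
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate for $($s.HostName) expired on $($cert.NotAfter); skipping"
        continue
    }

    $existing = Get-WebBinding -Name $s.Site -Protocol https -Port 443 -HostHeader $s.HostName
    if ($existing) {
        # Leave existing bindings alone, but flag any that are not SNI bindings:
        # those are the ones that claim the whole IP:port for a single certificate.
        if ($existing.sslFlags -ne 1) {
            Write-Warning "$($s.HostName) already has a non-SNI binding (sslFlags=$($existing.sslFlags))"
        }
        continue
    }

    # -SslFlags 1 marks the binding as SNI: the certificate is selected by host name,
    # so several certificates can share one IP address and port.
    New-WebBinding -Name $s.Site -Protocol https -IPAddress '*' -Port 443 `
        -HostHeader $s.HostName -SslFlags 1

    $binding = Get-WebBinding -Name $s.Site -Protocol https -Port 443 -HostHeader $s.HostName
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}

# Review the result: every HTTPS binding with its SNI flag.
Get-WebBinding -Protocol https | Select-Object bindingInformation, sslFlags
```

Clients that do not send SNI in the TLS handshake will not match any of these host-name bindings, so keep one plain IP:port binding only if such clients still need to be served.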

Cheers - got it working with SNI.

rg305 - SNI solves this - but I found the link you supplied somehow misleading.

Not a problem.
Glad you're up and running :)
