Only one certificate can be used for a given IP address and port combination

usersflow · June 13, 2017, 4:14pm

In my IIS I get this - Only one certificate can be used for a given IP address and port combination.
I have multiple site on the same IP (and port 443).
What can be done?

rg305 · June 13, 2017, 4:19pm

Wow!
What version of IIS?

But to answer your question "What can be done?"
SNI solves that problem by allowing the same IP and port to service multiple names (each of which can have it’s own certificate).

Have a look at this: https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO20112&actp=search&viewlocale=en_US&searchid=1435162914930

danb35 · June 13, 2017, 4:41pm

...or SANs solve that problem by putting more than one name on a single certificate.

rg305 · June 13, 2017, 4:52pm

Yes, SANs would allow many names to be served by the one IP and port connection.
But that may not completely solve this problem if different names need to go to different folders (on the same IP and port).

ahaw021 · June 14, 2017, 12:22am

hi @usersflow

When you say you have multiple sites what do you actually mean.

And please take the time to articulate as it will impact the correctness of the responses.

Is it one web application with multiple DNS name associated with it

Or

Is it multiple individual web applications each with a DNS Name

Andrei

ask-us_employee · June 14, 2017, 7:51am

Many thanks to all of you for the replies,

First - it is IIS 8.5 (on Win 2008R2).
Second - It is the case of many different domains (which i develop for many
customers) that I host on this server (and each of those sites has
different root directory).

And Third - and most important - I’ll now go and check the SNI since SNA is
not supported (and as I understood - not meant to be supported) by
LetEncrypt.

mnordhoff · June 14, 2017, 8:02am

What do you mean by not supported? Let's Encrypt certificates can support up to 100 names. Unless you need wildcards, few CAs match that (and not cheaply).

Patches · June 14, 2017, 8:12am

You can indeed only attach one certificate to an IP address. You must attach the other certificates to the web sites in IIS Manager instead. This explains how.

usersflow · June 14, 2017, 10:25am

Cheers - got it working with SNI.

usersflow · June 14, 2017, 10:27am

rg305 - SNI solves this - but the I found the link you supplied somehow misleading.

rg305 · June 14, 2017, 3:06pm

Not a problem.
Glad you up and running

system · July 14, 2017, 3:06pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiple ssl certificates with one ip and same port but different host headers (IIS 8) Help	10	7566	October 31, 2017
Any way around the binding Help	4	1656	September 18, 2019
Best practice: SNI or several certificates Help	9	2995	August 13, 2021
Let's Encrypt windows clients with IIS cannot handle multiple websites? Server	4	1835	February 9, 2017
Configuring IIS8 sites with a single binding certificate each Server	9	3438	May 16, 2019

Only one certificate can be used for a given IP address and port combination

Related topics