How to disable HTTPS on IIS 7.5
IIS will send the traffic for a particular IP address to the site that is configured for that IP using port 443. SSL or HTTPS requires 1 IP per address (excluding wildcards). So if you have the IP of 127.0.0.1 bound to site1.com on 443 and site2.com on all IPs, then when you browse to https://site2.com you are still calling the same IP address regardless of the host headers, IIS will send you to site1 and throw the certificate warning.
To prevent that behavior, you need another IP for site2.com and bind each site to those IPs in IIS.
Darko Romanov
I'm a senior web developer, started to write programs on my epic Commodore 16 in the the early '80s Now I'm a qualified WordPress plugin developer with passion for visual computing.
Updated on September 18, 2022Comments
-
Darko Romanov over 1 year
I have a IIS 7.5 on Windows2008, hosting a couple of dozen of sites.
Two sites use HTTPS, we call them www.site1.com and www.site2.com
Now the problem is that if I (for any reason) browse to https://www.site3.com the connection is not dropped as expected (by me) but the browser shows the alert of unsecure content, because the domain doesn't match the certificate.
I don't know how to avoid this behavior and I wonder if it's even solvable.
-
Hamed over 10 yearsSorry first of all what do you mean by connection is not dropped by me. i am assuming you have setup the correct host header for your sites. Next question is how did you setup your bindings?
-
Darko Romanov over 10 yearsThe binding of all sites are on port 80, except for two sites that have both 80 and 443. So, I'd expect that calling site3.com the connection was dropped, because www.site3.com doesn't have a binding on port 443.
-
Nathan C over 10 yearsDo site2.com and site3.com resolve to the same IP?
-
Darko Romanov over 10 years@NathanC yes, all sites have same IP.
-
Nathan C over 10 yearsSee stackoverflow.com/questions/5006714/… ...this is exactly your issue.
-