IIS gives wrong certificate for an HTTPS request

iis windows-server-2008-r2 ssl iis-7.5 https

Solution 1

It is so ironic that the answer popped up in my stupid head after I submitted this question. DNS Host A record was pointing to wrong IP address and that's why I was getting the wrong cert. Changed the IP address for the DNS Host A record and it is all working now.

Solution 2

Just to follow up on this for others that could not resolve it using the above solution, I had experienced a similar problem whereby the server was delivering the wrong certificate for HTTPS connections to a website with a host header value.

In my case, it turned out to be that the binding was set to receive connections from * instead of the actual server IP address. Modifying the binding to be bound to the IP address resolved the issue.

Solution 3

We had the same issue, a https website presenting a wrong certificate on a Win2012 R2 server with multiple https sites using SNI.

Even when modifying the hosts file and redirecting the hostheader to the IP address used on the website we were still presented a certificate from another site, so no DNS issue here.

As it turned out, the website from which we received the (wrong) certificate had one binding on the same IP with SNI turned off, so this cert was apparently presented as the 'default' certificate.

Checking SNI on this site binding solved the problem on the other site.

Shuvo

Updated on September 18, 2022

Comments

Shuvo over 1 year

In my user table i have a role column its values Teacher and Student. I want to insert data if user role teacher. Otherwise give a message "Only for teacher". Here is my controller:

$validator = Validator::make($request->all(), [
                'title' => 'required|exists:users,role==[Teacher]',
                ]);
                if ($validator->fails()) {

                Flash::success('Only for Teacher');
                return redirect(route('works',['class_id'=>$class_id]));
                }else{
                $works = new assainments();
                $works -> title = $text;
                //$works -> file = $fileName;
                $works -> class_id = $class_id;
                $works -> users_id = Auth::user()->id;
                $works -> save();
                Flash::success('Your works has been posted');
                return redirect(route('works',['class_id'=>$class_id]));

But it's not working. It's only Show the error message "Only for Teacher"

squillman almost 12 years

You should add your answer AS an answer, then you can accept it. That will be helpful to people who see this question in the future.

austinian almost 9 years

I noticed you said "with a host header value", what version of IIS are you using?
Martin almost 9 years

We're on IIS 8 on Windows Server 2012.
austinian almost 9 years

Ah, k. IIS 7.5 (what was asked about in the question) doesn't have support for host headers with SSL/TLS (SNI). Have you tried to serve multiple HTTPS sites from one IP on this server?
Martin almost 9 years

@austinian Indeed, that is exactly what we are doing currently. We have multiple certificates and multiple sites. One site in particular wasn't working but this was due to what I described above with the binding to * instead of a specific IP address.
Ricardo C over 6 years

If your IIS server has multiple IPs, it is possible to find multiple DNS A records, each pointing to a different IP on that one host, then is a random change for the client to get either IP.
Dileep KK over 5 years

This helped me!