IIS 7 and Above
HTTPS and HTTP Bindings for Same IP
Last post Feb 06, 2019 03:52 PM by lextm
Feb 06, 2019 03:46 PM|ralsh|LINK
Let me preface this by stating that I generally only work with SSL secured sites, but recently I have had some requests that led to the following scenario.
This is a single server, and single IP setup - host headers being used to direct traffic to each site.
Lets say I have 5 sites with HTTP and HTTPS bindings, each with a unique hostname and a valid certificate.
Lets say I have 1 site with just an HTTP binding, also with a unique hostname. This site has no HTTPS binding present.
Why am I able to still access the HTTP site with SSL? It is serving up the certificate for one of the other sites (with a name mismatch warning of course) but bypassing the warning does not actually take me to either site.
What might be causing this?
Feb 06, 2019 03:52 PM|lextm|LINK
That means you have an IP based binding there, which if you like can be deleted or switched to an SNI binding.