Server SSL binding - use 2 certificates for the same port

Hi,

I have a Sparkle service (Http.sys) which I want to be able to reach with (for example) https://abc.com and https://xyz.com. I have 2 different SSL certs installed, one for each of the domains, and I've bound both to port 443 using the 'Http.sys Config Tool'. The problem is I can't see any way to get the service to present the correct certificate for the appropriate URL request (abc.com vs xyz.com). It always just uses the certificate for abc.com, probably because it's first in the list.

From what I've read it looks like this is possible when using IIS, using 'Server Name Indication' (SNI). Is there anything similar we can use with standalone Http.sys services? Maybe using the AppID of the SSL binding to differentiate?

Many thanks,
Jonathan

Managed to answer my own question. Instead of using the 'HTTP Config Tool', which can only bind to a combination of IP address and port, I used the Netsh command to bind each certificate to the hostname you are listening on, so:

netsh http add sslcert hostnameport=abc.com:443 certhash=1dbb0a5bf264167f96fd96dbfea007799e5ff840 appid={00000000-0000-0000-0000-000000000000} certstorename=MY

netsh http add sslcert hostnameport=xyz.com:443 certhash=fc861f7e3faa73e34f60f24f8dfc2ad343ad646a appid={00000000-0000-0000-0000-000000000000} certstorename=MY

Service now presents the appropriate SSL certificate depending on which hostname was specified in the URL.

2 Likes
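As an added example (not code from the original thread), the same per-hostname binding done from PowerShell: it looks each thumbprint up in the LocalMachine\My store instead of pasting it, runs the netsh binding, and then opens a TLS connection with each SNI name to confirm which certificate Http.sys actually presents. The certificate subjects and the AppID GUID are assumed placeholders.

```powershell
# Added example, not from the original post: bind one certificate per hostname
# (the SNI approach from the answer above) and then verify which certificate each
# hostname actually receives. Assumptions: certs are in LocalMachine\My with
# subjects CN=abc.com and CN=xyz.com, and $AppId is a placeholder to replace.
$AppId = '{REPLACE-WITH-YOUR-SERVICE-GUID}'   # placeholder, not a real AppID
$Bindings = @{ 'abc.com' = 'CN=abc.com'; 'xyz.com' = 'CN=xyz.com' }
$Expected = @{}

foreach ($HostName in $Bindings.Keys) {
    # Resolve the thumbprint from the store rather than pasting it by hand, and
    # insist on a private key so a binding cannot point at a public-only cert.
    $Cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $Bindings[$HostName] -and $_.HasPrivateKey } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $Cert) { throw "No certificate with a private key for $HostName" }
    $Expected[$HostName] = $Cert.Thumbprint

    # hostnameport= (not ipport=) is what makes Http.sys select by SNI name.
    netsh http add sslcert hostnameport="$($HostName):443" `
        certhash=$($Cert.Thumbprint) appid=$AppId certstorename=MY
}

function Get-PresentedThumbprint {
    param([string]$SniName, [string]$Server = '127.0.0.1', [int]$Port = 443)
    $Tcp = [System.Net.Sockets.TcpClient]::new($Server, $Port)
    try {
        # Validation is skipped on purpose: this probe only reports which
        # certificate was presented; it is not a trust decision.
        $Accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $Ssl = [System.Net.Security.SslStream]::new($Tcp.GetStream(), $false, $Accept)
        $Ssl.AuthenticateAsClient($SniName)   # targetHost becomes the SNI server_name
        return $Ssl.RemoteCertificate.GetCertHashString()
    } finally { $Tcp.Dispose() }
}

# Check: each name must get its own cert, not just the first binding in the list.
foreach ($HostName in $Bindings.Keys) {
    $Got = Get-PresentedThumbprint -SniName $HostName
    if ($Got -ne $Expected[$HostName]) {
        Write-Warning "$HostName presented $Got, expected $($Expected[$HostName])"
    } else {
        Write-Host "$HostName OK ($Got)"
    }
}
```

Run it elevated on the host after the service is started; a warning for either name means the request is still falling through to the first binding rather than matching by SNI.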
