Server SSL binding - use 2 certificates for the same port


I have a Sparkle service (Http.sys) which I want to be able to reach with (for example) and I have 2 different SSL certs installed for each of the domains, and I've bound both to port 443 using the 'Http.sys Config Tool'. The problem is I can't see any way to get the service to present the correct certificate for the appropriate URL request ( vs It always just uses the certificate for, probably because it's first in the list.

From what I've read it looks like this is possible when using IIS, using 'Server Name Indication' (SNI). Is there anything similar we can use with standalone Http.sys services? Maybe using the AppID of the SSL binding to differentiate?

Many thanks,

Managed to answer my own question. Instead of using the 'HTTP Config Tool', which can only bind to a combination of IP address and port, used the Netsh command to bind each certificate to the hostname you are listening on, so:

netsh http add sslcert hostnameport=<first-hostname>:443 certhash=1dbb0a5bf264167f96fd96dbfea007799e5ff840 appid={00000000-0000-0000-0000-000000000000} certstorename=MY

netsh http add sslcert hostnameport=<second-hostname>:443 certhash=fc861f7e3faa73e34f60f24f8dfc2ad343ad646a appid={00000000-0000-0000-0000-000000000000} certstorename=MY

Service now presents the appropriate SSL certificate depending on which hostname was specified in the URL.
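
The per-hostname binding described above, with a pre-flight check on each certificate, as an added example that is not part of the original post. The hostnames, thumbprints and application GUID are placeholders (assumptions), and the script must run from an elevated PowerShell session.

```powershell
# Added example: every hostname, thumbprint and GUID here is a placeholder.
$Port  = 443
$AppId = '<your-service-guid>'     # placeholder: GUID identifying the owning service
$Bindings = @{
    'site-a.example.test' = '<THUMBPRINT-OF-CERT-A>'   # constructed hostname
    'site-b.example.test' = '<THUMBPRINT-OF-CERT-B>'   # constructed hostname
}

foreach ($name in $Bindings.Keys) {
    $thumb = $Bindings[$name]
    # Fails here if the certificate is not in the machine's Personal (MY) store.
    $cert  = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop

    # Refuse to bind a certificate that cannot serve this hostname.
    if (-not $cert.HasPrivateKey)      { throw "$thumb has no private key" }
    if ($cert.NotAfter -lt (Get-Date)) { throw "$thumb expired on $($cert.NotAfter)" }
    # Loose check: -like lets a wildcard entry match more labels than TLS would.
    $covers = $cert.DnsNameList | Where-Object { $name -like $_.Unicode }
    if (-not $covers) { throw "$thumb does not list $name as a DNS name" }

    # hostnameport (rather than ipport) creates the SNI binding for this name.
    $endpoint  = "${name}:$Port"
    $netshArgs = @('http', 'add', 'sslcert', "hostnameport=$endpoint",
                   "certhash=$thumb", "appid={$AppId}", 'certstorename=MY')
    & netsh @netshArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh failed for $endpoint" }

    # Show what Http.sys now holds for this hostname.
    & netsh http show sslcert "hostnameport=$endpoint"
}
```

Building the arguments as an array keeps PowerShell from interpreting the braces in the appid value.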

