Internet Information Services
Microsoft web server software.
1,630 questions
Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI -- Mismatch, SSL Test gives back a different domain name
Raghava Sai Akula
356
Reputation points
I have few applications hosted in IIS on a windows server. which are routed through Azure APP Gateway.
I'm enhancing the SSL configuration across all my domains. Upon running the ssllabs.com test revealed a second certificate(Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI) being sent wrongly by my server.
My server sends an certificate for one of my other domains.
For instance, when testing ABC.ca, Certificate #2 is issued to another domain def.com(because one of my other site with smallest/lowest priority in APP gateway listener Rules). Although the SSL rating for the site is A+
I followed the below URL and edited Hosts and added certificates under web hosting
{count} votes
-
Lex Li (Microsoft) 5,237 Reputation points Microsoft Employee2024-04-01T21:31:18.1666667+00:00 Are you able to run a command like
netsh http show sslcertto reveal all HTTPS bindings on this machine? https://docs.lextudio.com/jexusmanager/tutorials/https-binding#ip-based-bindings Certificates associated with SNI bindings shouldn't be disclosed to SSLLabs, but the IP based bindings might. So you should ensure you don't have IP based ones (unless that's what you initially planned).
Sign in to comment