We have a Windows server with several client websites.
One website, let’s call it Bubbles, uses HTTPS.
Another website, let’s call it Tango, doesn’t use HTTPS.
We installed an SSL Certificate on the server for Bubbles.
Now, someone from Tango tried to visit https://tango and got a browser warning about the SSL Certificate not being of the tango domain (which is correct, because the certificate is for the Bubbles domain).
How can I remove the browser warning?
Ideally I would redirect the HTTPS requests on Tango to the HTTP website.
If I can’t redirect, I’d like to at least show a 404.
Thanks
At the SSL layer, all you have is the IP address and port, so to do this you need to have Tango and Bubbles bound, one way or another, to different sets of IPs and ports. I guess at the moment you have a single IP, using host-headers for the http traffic, and :443 for SSL – which of course means only Bubbles exists as far as SSL is concerned (if you tried to configure SSL on :443 for Tango, you’ll find it won’t let you – the box can only serve a single site per IP/port combination).
Ultimately, your best option here is to map Bubbles and Tango to different IP addresses, and have the server know about each, binding different sites to the correct IPs. You can just about get away with host-headers (only) for http, but not SSL.
If you have something like HAProxy or some other NLB, you could also dynamically remap the port, so your web-server only has a single IP and handles different sites (including SSL) on different ports – but then you are just shifting the “needs multiple IP addresses” problem upstream to the NLB. Of course, the external client browser should only need to use :80 and :443, but inside your network you can remap those however you want.
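The answer's point, that the HTTPS listener is chosen by IP address and port alone, can be turned into a check over a server's site bindings. This is an added example, not part of the original answer; the IIS-style `IP:port:host` binding strings, the host names and the 192.0.2.x addresses are constructed assumptions.

```python
# Added illustration. Site names, host names and addresses are constructed.

def parse_binding(site, protocol, info):
    """Split an 'IP:port:host' binding string (IIS-style format, assumed)."""
    ip, port, host = info.rsplit(":", 2)   # rsplit keeps bracketed IPv6 intact
    return {"site": site, "protocol": protocol,
            "ip": ip or "*", "port": int(port), "host": host}

def overlaps(ip_a, ip_b):
    """Two bindings share a listener address if equal or either is a wildcard."""
    return ip_a == ip_b or "*" in (ip_a, ip_b)

def mismatched_https(bindings):
    """Return (host, answering_site) for every HTTP host name whose IP also
    carries a :443 listener that belongs only to other sites. A browser
    opening https://host there is served the other site's certificate."""
    listeners = [b for b in bindings
                 if b["protocol"] == "https" and b["port"] == 443]
    findings = []
    for b in bindings:
        if b["protocol"] != "http" or not b["host"]:
            continue
        same_ip = [l for l in listeners if overlaps(l["ip"], b["ip"])]
        if same_ip and all(l["site"] != b["site"] for l in same_ip):
            findings.append((b["host"], same_ip[0]["site"]))
    return findings

def load(rows):
    return [parse_binding(*row) for row in rows]

# Constructed layout 1: one IP, host headers for HTTP, Bubbles owns :443.
SHARED_IP = load([
    ("Bubbles", "http",  "192.0.2.10:80:bubbles.example"),
    ("Bubbles", "https", "192.0.2.10:443:"),
    ("Tango",   "http",  "192.0.2.10:80:tango.example"),
])

# Constructed layout 2: each site bound to its own IP, as the answer suggests.
SPLIT_IP = load([
    ("Bubbles", "http",  "192.0.2.10:80:bubbles.example"),
    ("Bubbles", "https", "192.0.2.10:443:"),
    ("Tango",   "http",  "192.0.2.11:80:tango.example"),
])

if __name__ == "__main__":
    print("shared IP:", mismatched_https(SHARED_IP))
    print("split IPs:", mismatched_https(SPLIT_IP))
```

In the split layout nothing listens on Tango's address at :443, so the check reports no host that would be handed the Bubbles certificate.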