



I've been searching for a few hours to find a solution to my question/problem and whilst I believe that I have been able to clarify the reason why I have problems I have been unable to find a resolution.


I have one server which is hosting multiple web sites and a couple of these web sites are using SSL certificates. I have some shared images accessed by all sites and the way to stop the none-secure error on the SSL site was to serve those shared images from

这工作得很好,直到那就是我发现,通过在Windows XP上使用Internet Explorer这是给消息没有与此网站的安全证书有问题。那么,什么我确定的是,它是因为它捡了服务器上的不同域的证书。所有做一台服务器上托管多个网站使用SSL证书。

This worked fine, until that is I noticed that by using Internet Explorer on Windows XP it is giving the message "There is a problem with this website's security certificate". What I then identified is that its because its picking up a certificate for a different domain on the server. Its all to do with hosting multiple sites on one server with SSL certificates.


Lets say I have four sites with only the first two with SSL certificates installed.


And lets not forget the following:

因此​​,从它实际上是造就上述共享图片的URL访问图像时 一>,因此错误。

因此​​,它似乎是与IE浏览器不支持SNI或SSL / TLS在Windows XP或Vista,而这是在Win 7和Win 8这似乎是由M $立即伎俩迫使人们升级到更多的电流的操作系统。但事实是,所有其他的浏览器支持它。

So its seems to be something to do with IE not supporting SNI or SSL/TLS on Windows XP or Vista whereas it is on Win 7 and Win 8. This seems like an immediate ploy by M$ to force people to upgrade to more current operating systems. But the fact is that all other browsers support it.


But, what I have not been able to identify is what I can do about it. So I believe my question is, is it possible to host multiple web sites using SSL on the same server on different domains without causing IE to show errors. If not, what do other people do? And it yes, how do I configure it?

我一直在这几个小时,所以如果有人可以帮助,我真的AP preciate它。

I have been on this for hours so if someone could help, I would really appreciate it.



Windows XP中的版本SChannel中的不支持SNI,这意味着IE和其他的WinINET / WinHTTP的基于应用程序不支持SNI该平台上。

Windows XP's version of SChannel does not support SNI, which means that IE and other WinINET/WinHTTP-based applications do not support SNI on that platform.

SNI支持在Windows Vista中引入;如果你没有看到它的平台上工作,很可能是IE浏览器从默认客场重新启用SSL2。的SSLv2兼容握手不携带TLS扩展,如扩展SNI

SNI support was introduced in Windows Vista; if you're not seeing it work on that platform, it's likely that IE was reconfigured away from the defaults to enable SSL2. SSLv2-compatible handshakes do not carry TLS extensions like the SNI extension.


The only real workarounds here are to either:

  1. 主机上的不同的IP或端口(使服务器可以根据这些信息选择该证书)每个服务器

  2. 使用包含使用证书的SubjectAltName字段
  3. 主机名的多个证书
  1. Host each server on a different IP or port (so the server can select the certificate based on that information)
  2. Use a certificate that contains multiple hostnames using the SubjectAltName field of the certificate