certificate error in IIS running multiple virtual websites

[guest]

Q: We have an IIS 6 server that is running multiple virtual websites using host
headers. One of the sites has a SSL certificate installed and is configured
to run HTTP portions of the site off the same IP as the other websites and
run the HTTPS portions of the site of a separate IP than the rest of the
sites. If I type in http:\\www.domain.com it brings up the site fine. If I
type in https://www.domain.com the site comes up fine. If I type in
http://www.someotherdomain.com that site comes up fine. But, when I type in
https://www.someotherdomain.com I get a certificate error and the site that
is returned is the https://www.domain.com site. This happens for all of my
other sites when https is accidentally used in front of their URL. The
firewall is PATing a single public IP to both the main IP address (http) and
the secondary IP (https). Both IPs are bound to the same NIC.
How do I fix this config so that only the one site that uses SSL responds to
requests?

A: It's expected that you get a warning dialog for the certificate. The reason
is when we issue the server certificate, its common name should be set and
match the site's domain name(i.e www.domain.com). Therefore you will get a
warning stated that the common name of the server certficate doesn't match
the site's url(https://www.someotherdomain.com). This is expected behavior.

However I wonder if there is another problem that it finally returned an
incorrect site when you accessing https://www.someotherdomain.com?

[guest]

Actually, I do not want www.someotherdomain.com returned at all. I want a
website not found. I want www.domain.com to reject any requests except for
https://www.domain.com or http://www.domain.com.

[guest]

problem which you describe happening if you have SSL on same IP as other
sites.

example:

site1.loc - host headers
http -> site.loc = 10.0.0.11

site2.loc - host headers
http -> site2.loc = 10.0.0.12
https -> 10.0.0.12

This should work without problem.

But if https is set to 10.0.0.11 and you enter https://site.loc you will
recive problem which you described.

Check SSL IP nad host headers.

[guest]

In this case, this is mainly a DNS problem. You should change your DNS
setting and do not point www.someotherdomain.com to the server's IP. You
cannot use host header to restrict this on IIS side since generally host
header doesn't work with SSL.