我有 3 个网站,它们都在 IIS 10 中使用相同的 IP。我首先设置 https 绑定以使用 SNI 和端口 443 上的“所有分配”IP 地址,并使用正确的证书。所有证书都是已知的良好证书。只有一个网站获得了正确的 SSL 证书。另外两个网站获得与工作网站相同的证书。因此我切换到 CCS。将所有证书以正确的名称加载到同一个文件夹中。将站点从 SNI 更改为 CCS。仍然只有一个站点可以运行。尝试清理客户端缓存。顺便说一下,这一切都运行良好,直到上周末的几个月,我没有对服务器进行任何更改。可能已获得 Windows 2019 更新关于我下一步可以做什么有什么建议吗?这是 netsh 结果正常运行的站点具有来自 Sectigo 的通配符证书。另外两个来自 Let's Encrypt。这三个站点的域名都不同。
IP:port : 0.0.0.0:8172
Certificate Hash : d97778af0d232c0c2494eee481df37e5127425c9
Application ID : {00000000-0000-0000-0000-000000000000}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
Disable QUIC : Not Set
Disable TLS1.2 : Not Set
Disable TLS1.3 : Not Set
Disable OCSP Stapling : Not Set
Disable Legacy TLS Versions : Not Set
IP:port : 192.168.20.34:443
Certificate Hash : 211a5fb41e576e85c023f68452d77a91fc13b1eb
Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name : My
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
Disable QUIC : Not Set
Disable TLS1.2 : Not Set
Disable TLS1.3 : Not Set
Disable OCSP Stapling : Not Set
Disable Legacy TLS Versions : Not Set
Central Certificate Store : 443
Certificate Hash : (null)
Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
Disable QUIC : Not Set
Disable TLS1.2 : Not Set
Disable TLS1.3 : Not Set
Disable OCSP Stapling : Not Set
Disable Legacy TLS Versions : Not Set