IIS gives wrong certificate for an HTTPS request

Solution 1:

Just to follow up on this for others that could not resolve it using the above solution, I had experienced a similar problem whereby the server was delivering the wrong certificate for HTTPS connections to a website with a host header value.

In my case, it turned out to be that the binding was set to receive connections from * instead of the actual server IP address. Modifying the binding to be bound to the IP address resolved the issue.

Solution 2:

We had the same issue: an HTTPS website presenting the wrong certificate on a Win2012 R2 server with multiple HTTPS sites using SNI.

Even when modifying the hosts file and redirecting the host header to the IP address used on the website, we were still presented with a certificate from another site, so no DNS issue here.

As it turned out, the website from which we received the (wrong) certificate had one binding on the same IP with SNI turned off, so this cert was apparently presented as the 'default' certificate.

Checking SNI on this site binding solved the problem on the other site.
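
The binding problems described in Solutions 1 and 2 can be spotted by auditing every HTTPS binding on the server. The following PowerShell is an added example, not code from any of the answers; the function name `Find-SniConflict`, the site names, IP addresses and host names are constructed placeholders, and the input shape (`Site`, `BindingInformation`, `SslFlags`) is an assumption modelled on the IIS binding fields.

```powershell
# Added example: report non-SNI HTTPS bindings that share an IP:port with other sites.
# Per Solution 2, such a binding's certificate can be served as the "default" for that
# endpoint; per Solution 1, a '*' (all unassigned) IP binding overlaps every IP on the port.
function Find-SniConflict {
    param([Parameter(Mandatory)] [object[]] $Bindings)

    $parsed = foreach ($b in $Bindings) {
        # bindingInformation has the form "IP:port:hostheader" (IP may be '*' or "[IPv6]")
        if ($b.BindingInformation -match '^(?<ip>.*):(?<port>\d+):(?<hostname>.*)$') {
            [pscustomobject]@{
                Site = $b.Site; IP = $Matches.ip; Port = $Matches.port
                HostHeader = $Matches.hostname
                Sni  = [bool]($b.SslFlags -band 1)   # bit 1 = "Require Server Name Indication"
            }
        }
    }

    foreach ($plain in ($parsed | Where-Object { -not $_.Sni })) {
        # Other sites listening on the same port and an overlapping IP
        $affected = $parsed | Where-Object {
            $_.Site -ne $plain.Site -and $_.Port -eq $plain.Port -and
            ($_.IP -eq $plain.IP -or $_.IP -eq '*' -or $plain.IP -eq '*')
        }
        if ($affected) {
            [pscustomobject]@{
                NonSniSite    = $plain.Site
                Endpoint      = "$($plain.IP):$($plain.Port)"
                WildcardIP    = ($plain.IP -eq '*')
                AffectedSites = ($affected.Site | Sort-Object -Unique) -join ', '
            }
        }
    }
}

# Constructed sample bindings (placeholders, not taken from a real server)
$sample = @(
    [pscustomobject]@{ Site = 'site-a'; BindingInformation = '192.0.2.10:443:www.a.example';  SslFlags = 1 }
    [pscustomobject]@{ Site = 'site-b'; BindingInformation = '192.0.2.10:443:www.b.example';  SslFlags = 0 }
    [pscustomobject]@{ Site = 'site-c'; BindingInformation = '*:8443:';                       SslFlags = 0 }
    [pscustomobject]@{ Site = 'site-d'; BindingInformation = '192.0.2.11:8443:www.d.example'; SslFlags = 1 }
)
Find-SniConflict -Bindings $sample | Format-Table -AutoSize

# Assumption: on an IIS host with the WebAdministration module, live input can be built with
#   Get-Website | ForEach-Object { $s = $_.Name; $_.Bindings.Collection |
#     Where-Object protocol -eq 'https' | ForEach-Object {
#       [pscustomobject]@{ Site = $s; BindingInformation = $_.bindingInformation; SslFlags = $_.sslFlags } } }
```

With the sample data, `site-b` is reported for `192.0.2.10:443` (SNI off next to an SNI site on the same IP) and `site-c` for `*:8443` (wildcard IP overlapping a site bound to a specific address).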


Solution 3:

It is so ironic that the answer popped up in my stupid head after I submitted this question. The DNS Host A record was pointing to the wrong IP address and that's why I was getting the wrong cert. Changed the IP address for the DNS Host A record and it is all working now.