The customer has configured an SSL key on the AMD and believes it works for all web sites on an IIS web server. However, the "show ssldecr keys" command showed that the new SSL key does not match the traffic of any of the web sites.
Say the IIS web server's IP address is 10.21.0.1. Web sites A, B and C's IP addresses are 10.21.0.2, 10.21.0.3 and 10.21.0.4. The SSL key is configured for the IIS web server address 10.21.0.1.
My question is: will the issue be solved if they configure the key for the web site addresses instead of the IIS web server address? If not, what else could have caused the key mismatch?
If the TLS Certificate/Key pair is configured for only 10.21.0.1, IIS will not use it for any other IP addresses.
Configuring IIS to use the same Certificate/Key pair for all IP addresses should resolve the customer's issue *if* it is indeed the same key that was loaded to the AMD.
That would also potentially introduce Certificate vs host name mismatches though, unless the Certificate is a wildcard certificate that matches all configured hosts on the IIS server.
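
One way to check the "if it is indeed the same key" condition from the answer above, as an added example that is not part of the original thread: it compares the public key in the certificate served on each address with the public key derived from a private key file. The PEM copy of the key, the use of the `openssl` CLI and port 443 are assumptions.

```shell
#!/bin/sh
# Added example: does the private key loaded for decryption belong to the
# certificate that each IIS address actually serves?

# Hash a PEM public key read from stdin.
hash_pubkey() { openssl dgst -sha256 -r | cut -d' ' -f1; }

# Fingerprint of the public key derived from a private key file.
# Fails (instead of hashing empty input) when the file cannot be parsed.
key_fingerprint() {
    _pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$_pub" | hash_pubkey
}

# Fingerprint of the public key embedded in a PEM certificate.
cert_fingerprint() {
    _pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$_pub" | hash_pubkey
}

# Exit status 0 only when both files parse and the public keys are identical.
key_matches_cert() {
    _k=$(key_fingerprint "$1") || return 2
    _c=$(cert_fingerprint "$2") || return 2
    [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Save the leaf certificate served on ip:port to a file.
fetch_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -out "$3" 2>/dev/null
}

# Usage (assumed file name): sh check.sh amd-key.pem 10.21.0.1 10.21.0.2 10.21.0.3 10.21.0.4
if [ "$#" -ge 2 ]; then
    key=$1; shift
    for ip in "$@"; do
        crt=$(mktemp)
        if fetch_cert "$ip" 443 "$crt" && key_matches_cert "$key" "$crt"; then
            echo "$ip: served certificate matches the key"
        else
            echo "$ip: MISMATCH or no certificate retrieved"
        fi
        rm -f "$crt"
    done
fi
```

An address reported as a mismatch is serving a certificate issued for a different key pair, so loading this key for that address will not decrypt its traffic.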