I have a public website, lets call it www.domain.org, on a shared hosting provider. I also have a subdomain set up for development testing purposes which directs to a separate folder on the server, lets call it dev.domain.org. I have domain-ownership-verified SSL set up on the www.domain.org domain. Since the dev.domain.org is used for testing for www.domain.org, I figured I would set it up with SSL as well. Problem being, I don't have the ability to get a separate SSL certificate for dev.domain.org.
I figure this shouldn't really be a problem, since dev.domain.org isn't really a "public" site, it's just for my use, and I'll know that a certificate error is going to come up and I can just tell my browser to proceed anyway. So I did. Everything seems to work fine until I make a small change to the code for the login page. I upload it to dev.domain.org, browse to https://dev.domain.org, and the new code doesn't work. I fire it up on a local IIS development server with the VS debugger, it works just as expected. No matter what changes I make, if i browse to https://dev.domain.org, the changes don't show up.
I ended up turning off my module which automatically redirects insecure requests to https://[server_name]+rawUrl, and when I browse to http://dev.domain.org, everything works as expected from what I uploaded to the dev folder. However, when I browse to https://dev.domain.org, my browser loads up the pages which should only be found at https://www.domain.org.
This appears to be the case in every browser I have the ability to test with, so I'm thinking it must be an IIS issue, I just can't figure out why a certificate error would cause IIS to return the domain on the certificate when I requested content from a different domain. Any ideas how to fix this? Or do I just have to not use SSL with dev.domain.org unless I can get a separate certificate?