Re: shared SSL

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/11/02 

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Wed, 11 Dec 2002 12:56:52 -0500

"robik" <robik@mailbox.sk> wrote in message
news:093d01c2a138$bee5b1c0$d7f82ecf@TK2MSFTNGXA14...
> Hi!
>
> Does anybody know how to implement shared SSL on IIS5? In
> IIS4 were a posibility to bind a cetificate at the master
> level, but in IIS5 i can bind e certificate only to a
> specic website.
>
> I'm writing an ISAPI filter wich overwrites the host http
> header. I place this filter behind the ssipfilt.dll wich
> does the ssl stuff, but the binding to the website
> happens allready in the ssipilt, so my change in the the
> host http header has no effect.

If I understand your question correctly, SSL has always been bound to the
host name in the URL, no matter whether using IIS4, IIS5, Apache, etc. It
is possible to request a cert that has a wildcard such as *.domainname.com,
though I'm not sure whether all browsers and servers accept this.

It is absolutely possible to use one cert for multiple virtual server sites
at a certain domain such as https://domain.com, https://domain.com/domain2,
https://domain.com:444, etc. etc. as long as the host name is the same [or
the domain name is the same and a wild card was used when generating the
cert].

You can't use host headers to keep the SSL sites separate, but you can use
host headers on a non-SSL root page and a different port number on the SSL
sites, such as http://domain1.com which immediately redirects the users to
the first SSL site https://domain.com and also http://domain2.com which then
redirects users to the second SSL site on a different port
https://domain.com:444

Note that if the host name in the URL is different, encryption will still
occur successfully... the user will just get a warning box and have to click
OK to continue on to the site.

More info on all your IIS questions at www.iisfaq.com and www.iisfaq.com/ssl

Relevant Pages

  • Re: SSL and FP Forms
    ... FrontPage Resources, WebCircle, MS KB Quick Links, etc. ... If I buy my own SSL certificate and the host applies ... doesn't that make the complete site secure creating ...
    (microsoft.public.frontpage.client)
  • Re: ISA and WSS3.0
    ... If you need to enable ssl then you have to create a certificate to use on the IIS web site and then configure AAM to listen on that https address. ... >>> Would setting the sharpeoint sites up as host based be a better ... It seems to be working fine using ISA and link transalation, ... I guess I'm also confused regarding path and host named sites. ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: https & ssl
    ... and install it on my host server. ... how do I invoke the SSL cert. ... If you do not own the server and rent ... Others supply a house SSL certificate for their customers at no ...
    (alt.html)
  • Re: Multiple website in single IP, host header and SSL problem
    ... me that Win2003 SP1 can solve the issue of having SSL if using host ... SSL-enabled website, any SSL requests will go through to that website. ... Host-Headers can not be used with SSL, because the Host header sent from ...
    (microsoft.public.inetserver.iis.security)
  • Re: https & ssl
    ... and install it on my host server. ... how do I invoke the SSL cert. ... If you do not own the server and rent ... Others supply a house SSL certificate for their customers at no ...
    (alt.html)