Re: Wildcard SSL Implementation

From: Paul Lynch (paul_lynch67_at_hotmail.com)
Date: 06/19/03


Date: 19 Jun 2003 03:25:21 -0700


BB,

I think this is what you were looking for:

Name-Based Virtual Hosting: An ISP or Web Host provides each hosted
customer with a unique domain name, such as customername.isp.com.
If the same certificate is used for each domain name, browsers will
indicate that the site domain name does not match the common name in
the certificate. To solve this problem, a "wildcard" certificate of
the form *.isp.com is required to properly serve the multi-hostname
configuration without creating browser mismatch error messages.
(VeriSign offers wildcard certificates on a case-by-case basis, and
they are subject to certain additional licensing terms and conditions.
For more information, please contact shared-ssl@verisign.com.)

For a complete explanation of VeriSign's solutions for securing
multiple Web server and domain configurations, please see our white
paper at http://www.verisign.com/rsc/wp/certshare/certshare.pdf.

Regards,

Paul Lynch
MCSE

"BB" <qbernard@hotmail.com> wrote in message news:<#5IBfkiNDHA.1744@TK2MSFTNGP12.phx.gbl>...
> It matched. I couldn't find the VeriSign PDF file, but
> here's another reference from InstantSSL
>
> http://www.instantssl.com/ssl-certificate-products/ssl/wildcard-ssl-premiumssl_wildcard.html
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
>
>
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:uhzsDGiNDHA.304@tk2msftngp13.phx.gbl...
> > You can have a wildcard DNS name - for sure, and if you can get a wildcard
> > SSL cert then it'll work.
> > But it shouldn't match test.myCompany.com -and- test2.myCompany.com should
> > it?
> >
> > *.myCompany.com is not test.myCompany.com (or so I thought).
> >
> > Cheers
> > Ken
> >
> >
> > "BB" <qbernard@hotmail.com> wrote in message
> > news:uCCId1gNDHA.704@tk2msftngp13.phx.gbl...
> > : Interesting. I have done *.domain.com point to 1 site.
> > :
> > : 1) DNS A record '*'
> > : 2) Create a site 'no host header' bind to 1 IP
> > :
> > : If the cert's common name is *.domain.com, I think it would
> > : likely work, no host header concept.
> > :
> > : VeriSign provides * - wildcard cert as well.
> > :
> > :
> > : --
> > : Regards,
> > : Bernard Cheah
> > : http://support.microsoft.com/
> > :
> > :
> > : "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> > : news:ezXn$vgNDHA.2636@TK2MSFTNGP10.phx.gbl...
> > : > You can't use host headers with SSL
> > : >
> > : > Why? Because the HTTP headers are encrypted, including the HTTP Host:
> > : > header, which means the server doesn't know which website the request is
> > : > going to.
> > : >
> > : > Each IP address can only have a single certificate for each port (e.g. one SSL
> > : > site on port 443, but you can configure additional sites on non-standard
> > : > ports if you want to).
> > : >
> > : > You can resolve both test.domain.com and test2.domain.com to the same IP
> > : > address if you want (the protocol has nothing to do with it - name
> > : > resolution is performed by DNS), but since you can only create a single
> > : > cert, and the cert includes the sitename, you'll get a warning on one of the
> > : > sites that the name in the cert does not match the current name of the
> > : > site.
> > : >
> > : > Cheers
> > : > Ken
> > : >
> > : > "Dan Foxley" <dfoxley@nospampacificdatavision.com> wrote in message
> > : > news:eH7EXKeNDHA.3768@tk2msftngp13.phx.gbl...
> > : > : I would like to implement Wildcard SSL on Win2k Server SP3, IIS 5.1. Can I
> > : > : do the following:
> > : > : https://test.domain.com
> > : > : https://test2.domain.com
> > : > :
> > : > : 1. Can both resolve to the same IP, using *.domain.com? (Host Headers then,
> > : > : correct?)
> > : > :
> > : > : 2. If I have to generate a cert request for each Site "*.domain.com", will
> > : > : they all be the same, and be able to accept the Cert from the SSL provider?
> > : > :
> > : > : 3. The article below states that IIS won't generate a cert request with
> > : > : "*.domain.com".
> > : > :
> > : > : In general what is the intended way to set up Wildcard SSL on IIS 5.1?
> > : > :
> > : > : Thanks,
> > : > : Dan Foxley
> > : > :
> > : > : I found the following reference to Wildcard SSL certs. It's a little
> > : > : incomplete.
> > : > :
> > : > :
> > : > : http://www.windowswebsolutions.com/Articles/Index.cfm?ArticleID=25578
> > : > :
> > : > :
> > : >
> > : >
> > :
> > :
> >
> >
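
The name-matching question discussed in this thread, as an added example that is not part of the original posts: a strict wildcard check (the whole left-most label only, as in RFC 6125 section 6.4.3) applied to a server that presents one certificate per IP address and port, as described above. The IP addresses, the extra hostnames and the function names are constructed for illustration.

```python
# Added illustration; hostnames, IPs and bindings are constructed samples.

def cert_name_matches(pattern: str, hostname: str) -> bool:
    """Strict wildcard rule: '*' must be the entire left-most label and
    stands for exactly one label. Partial wildcards such as 'f*.domain.com'
    are treated as literal names and therefore never match."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Refuse a wildcard directly under a single label (e.g. '*.com');
        # every label to the right of '*' must match exactly.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

# One certificate per (IP, port): the server chooses it from the socket
# the connection arrived on, before it can read the encrypted Host: header.
BINDINGS = {
    ("192.0.2.10", 443): "*.domain.com",     # wildcard certificate
    ("192.0.2.11", 443): "test.domain.com",  # single-name certificate
}

# Constructed DNS view: hostname -> IP address the name resolves to.
DNS = {
    "test.domain.com": "192.0.2.10",
    "test2.domain.com": "192.0.2.10",
    "a.test.domain.com": "192.0.2.10",  # two labels deep: not covered
    "domain.com": "192.0.2.10",         # bare domain: not covered
    "shop.domain.com": "192.0.2.11",    # lands on the single-name cert
}

def audit(dns, bindings, port=443):
    """Map each hostname to True if the certificate bound to its IP
    matches the name, False if a browser would report a mismatch."""
    results = {}
    for host, ip in dns.items():
        cert_name = bindings.get((ip, port))
        results[host] = (cert_name is not None
                         and cert_name_matches(cert_name, host))
    return results

if __name__ == "__main__":
    for host, ok in audit(DNS, BINDINGS).items():
        print(f"{host:20} {'ok' if ok else 'NAME MISMATCH'}")
```
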


