Re: Wildcard SSL Implementation

From: BB (qbernard_at_hotmail.com)
Date: 06/20/03


Date: Fri, 20 Jun 2003 12:32:18 +0800


I would say this depends on the CA; you have the relevant contacts
from the previous post, just drop them a mail, they will guide you through.

-- 
Regards,
Bernard Cheah
http://support.microsoft.com/
"Dan Foxley" <dfoxley@nospampacificdatavision.com> wrote in message
news:ehcbx6qNDHA.2308@TK2MSFTNGP11.phx.gbl...
> OK..
>
> Are certs generated from 2 different sites in IIS (either on the same server
> or different server) with the same FQDN  "*.domain.com" going to be able to
> accept the pending request from the SSL Provider?  Or is each request
> Unique?
>
> Dan Foxley
>
>
> "Paul Lynch" <paul_lynch67@hotmail.com> wrote in message
> news:96f970c7.0306190225.76b86357@posting.google.com...
> > BB,
> >
> > I think this is what you were looking for :
> >
> > Name-Based Virtual Hosting: An ISP or Web Host provides each hosted
> > customer with a unique domain name, such as customername.isp.com.
> > If the same certificate is used for each domain name, browsers will
> > indicate that the site domain name does not match the common name in
> > the certificate. To solve this problem, a "wildcard" certificate of
> > the form *.isp.com is required to properly serve the multi-hostname
> > configuration without creating browser mismatch error messages.
> > (VeriSign offers wildcard certificates on a case-by-case basis, and
> > they are subject to certain additional licensing terms and conditions.
> > For more information, please contact shared-ssl@verisign.com.)
> >
> > For a complete explanation of VeriSign's solutions for securing
> > multiple Web server and domain configurations, please see our white
> > paper at http://www.verisign.com/rsc/wp/certshare/certshare.pdf.
> >
> >
> > Regards,
> >
> > Paul Lynch
> > MCSE
> >
> > "BB" <qbernard@hotmail.com> wrote in message
> > news:<#5IBfkiNDHA.1744@TK2MSFTNGP12.phx.gbl>...
> > > It matched. I couldn't find the VeriSign pdf file, but
> > > here is another reference from instantssl
> > >
> > > http://www.instantssl.com/ssl-certificate-products/ssl/wildcard-ssl-premiumssl_wildcard.html
> > >
> > > -- 
> > > Regards,
> > > Bernard Cheah
> > > http://support.microsoft.com/
> > >
> > >
> > > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> > > news:uhzsDGiNDHA.304@tk2msftngp13.phx.gbl...
> > > > You can have a wildcard DNS name - for sure, and if you can get a wildcard
> > > > SSL cert then it'll work.
> > > > But it shouldn't match test.myCompany.com -and- test2.myCompany.com should
> > > > it?
> > > >
> > > > *.myCompany.com is not test.myCompany.com (or so I thought).
> > > >
> > > > Cheers
> > > > Ken
> > > >
> > > >
> > > > "BB" <qbernard@hotmail.com> wrote in message
> > > > news:uCCId1gNDHA.704@tk2msftngp13.phx.gbl...
> > > > : Interesting. I have done *.domain.com point to 1 site.
> > > > :
> > > > : 1) DNS A record '*'
> > > > : 2) Create a site 'no host header' bind to 1 IP
> > > > :
> > > > : If the cert's common name is *.domain.com, I think it would
> > > > : likely work, no host header concept.
> > > > :
> > > > : VeriSign provides * - wildcard cert as well.
> > > > :
> > > > :
> > > > : -- 
> > > > : Regards,
> > > > : Bernard Cheah
> > > > : http://support.microsoft.com/
> > > > :
> > > > :
> > > > : "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> > > > : news:ezXn$vgNDHA.2636@TK2MSFTNGP10.phx.gbl...
> > > > : > You can't use host headers with SSL
> > > > : >
> > > > : > Why? Because the HTTP headers are encrypted, including the HTTP Host:
> > > > : > header, which means the server doesn't know which website the request is
> > > > : > going to.
> > > > : >
> > > > : > Each IP address can only have a single certificate for each port (eg one SSL
> > > > : > site on port 443, but you can configure additional sites on non-standard
> > > > : > ports if you want to).
> > > > : >
> > > > : > You can resolve both test.domain.com and test2.domain.com to the same IP
> > > > : > address if you want (the protocol has nothing to do with it - name
> > > > : > resolution is performed by DNS), but since you can only create a single
> > > > : > cert, and the cert includes the sitename, you'll get a warning on one of the
> > > > : > sites that the name in the cert does not match the current name of the
> > > > : > site.
> > > > : >
> > > > : > Cheers
> > > > : > Ken
> > > > : >
> > > > : > "Dan Foxley" <dfoxley@nospampacificdatavision.com> wrote in message
> > > > : > news:eH7EXKeNDHA.3768@tk2msftngp13.phx.gbl...
> > > > : > : I would like to implement Wildcard SSL on Win2k Server SP3, IIS 5.1. Can I
> > > > : > : do the following:
> > > > : > : https://test.domain.com
> > > > : > : https://test2.domain.com
> > > > : > :
> > > > : > : 1. Can both resolve to the same IP, using *.domain.com? (Host Headers then,
> > > > : > : correct?)
> > > > : > :
> > > > : > : 2. If I have to generate a cert request for each Site "*.domain.com", will
> > > > : > : they all be the same, and be able to accept the Cert from the SSL provider?
> > > > : > :
> > > > : > : 3. The article below states that IIS won't generate a cert request with
> > > > : > : "*.domain.com".
> > > > : > :
> > > > : > : In general what is the intended way to set up Wildcard SSL on IIS 5.1?
> > > > : > :
> > > > : > : Thanks,
> > > > : > : Dan Foxley
> > > > : > :
> > > > : > : I found the following reference to Wildcard SSL certs.  It's a little
> > > > : > : incomplete.
> > > > : > :
> > > > : > : http://www.windowswebsolutions.com/Articles/Index.cfm?ArticleID=25578
> > > > : > :
> > > > : > :
> > > > : >
> > > > : >
> > > > :
> > > > :
> > > >
> > > >
>
>
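
Added example, not part of the original thread: the name check behind the "name in the cert does not match" warning and the question of whether *.domain.com covers test.domain.com, written to the strict reading of RFC 6125 section 6.4.3 that current TLS clients follow. The function names are hypothetical and the hostnames are the ones used in the thread; rejecting partial-label wildcards is an assumed policy choice.

```python
import ipaddress


def _labels(name):
    """Lower-case a DNS name, drop trailing dots, split into labels."""
    return name.lower().rstrip(".").split(".")


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def name_matches(pattern, host):
    """True if one certificate name (possibly '*.x.y') covers host."""
    if is_ip(host):
        return False  # a DNS name or wildcard never covers an IP literal
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False  # '*' stands for exactly one label, never zero or two
    if "*" in pattern:
        # Assumed strict policy: '*' is the whole left-most label and at
        # least two labels follow it (so 'f*.x.y', 'a.*.y', '*.com' fail).
        if p[0] != "*" or "*" in "".join(p[1:]) or len(p) < 3:
            return False
        return p[1:] == h[1:]
    return p == h


def sites_with_warning(cert_names, sites):
    """Sites sharing one IP:port whose name the single bound cert lacks."""
    return [s for s in sites if not any(name_matches(n, s) for n in cert_names)]


# Constructed sample: the two hostnames from the original question.
SITES = ["test.domain.com", "test2.domain.com"]

if __name__ == "__main__":
    print(sites_with_warning(["test.domain.com"], SITES))  # one cert, one name
    print(sites_with_warning(["*.domain.com"], SITES))     # wildcard cert
    for host in ("domain.com", "a.test.domain.com"):
        print(host, name_matches("*.domain.com", host))
```

The wildcard covers exactly one label, so the bare domain and deeper subdomains need their own certificate names.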

