Re: Multiple Sites running same code, w/SSL.
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 11/25/04
- Next message: David Wang [Msft]: "Re: Random 401.2 Error in ASP.NET app"
- Previous message: Mike Masterton: "SmartNav.js permission denied after Windows update"
- In reply to: Jeffery Anti: "Multiple Sites running same code, w/SSL."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 24 Nov 2004 22:05:47 -0800
> For some reason IIS is attempting to direct all https
> traffic to cust1 site regardless of the host name... it should
> just say "no web site is configured blah".
The behavior is by-design, and there is no way to resolve it. SSL websites
cannot use Host header. This is a limitation in SSL, not IIS.
Here is the problem -- Host header is a property of the HTTP request (it is
a request header) and NOT TCP connection, meaning the client transmits this
ENCRYPTED to the server. Now, as a part of the SSL handshake, the server is
supposed to send a server certificate associated with the named website
prior to decrypting this request. BUT, the Host header, which determines
the website and hence server certificate, is encrypted in the very thing
that is being decrypted. Catch-22 situation. Game over.
Thus, SSL can only be assigned by IP:Port. In your case, since all websites
use Host headers as the only distinguishing factor, only ONE website can
ever have SSL. Every HTTPS request will go to this one website, regardless
of Host header, because SSL is identified by ONLY IP:Port.
This is also why you get a "cert is not valid" popup. The web browser made a
request to cust2 but got an SSL certificate from cust1.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jeffery Anti" <iiisystems@yahoo.com> wrote in message
news:93a6158e.0411241154.6b1c841@posting.google.com...
> I have an IIS 5.0 server hosting multiple sites that point to the same
> code base. The host is the only part of the FQDN that changes per
> customer. The domain for all the sites will always be samedomain.com.
> All the sites resolve to the same IP so I use Host Header Name in IIS
> to direct traffic. I know this isn't the best way, but it's what I
> inherited and I have to make do for now.
>
> "cust1" requires SSL, and "cust2" does not.
>
> Example:
> Site in IIS: cust1.samedomain.com (SSL ON) home directory is /inetpub/mastersite
> Site in IIS: cust2.samedomain.com (SSL OFF) home directory is /inetpub/mastersite
>
> Hitting https://cust1.samedomain.com works properly
> Hitting http://cust2.samedomain.com works properly
>
> Now here's the problem:
> Hitting https://cust2.samedomain.com results in the end user being
> presented w/a Certificate acceptance claiming the cert is not valid
> for this site. There is NO cert setup for this site, only cust1 site
> has a cert installed.
>
> For some reason IIS is attempting to direct all https
> traffic to cust1 site regardless of the host name... it should
> just say "no web site is configured blah".
>
> How do I resolve this?
>
> BTW: In IIS/Web Site/Web Site Identification/Advanced/
> cust1.samedomain.com:80 is the only entry for the site
> cust1.samedomain.com, and 443 is the only listing in "Multiple SSL
> Identities"
>
> Thanks all.
> -Jeff
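The order of operations described in the reply above, as an added Python model that is not part of the original thread and is not IIS code. The `Site` class, the function names and the address 192.0.2.10 are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Site:
    host_header: str                 # name the site answers to on port 80
    cert_name: Optional[str] = None  # name on the installed certificate, if any

# Constructed data mirroring the question; 192.0.2.10 is a documentation address.
IP = "192.0.2.10"
SITES = (
    Site("cust1.samedomain.com", cert_name="cust1.samedomain.com"),
    Site("cust2.samedomain.com"),
)

def route_http(ip: str, port: int, host: str) -> Optional[Site]:
    """Plain HTTP: the Host header is readable, so it can pick the site."""
    if (ip, port) != (IP, 80):
        return None
    return next((s for s in SITES if s.host_header == host.lower()), None)

def pick_ssl_site(ip: str, port: int) -> Optional[Site]:
    """Handshake time: only the TCP endpoint is known, so the choice is per IP:Port."""
    if (ip, port) != (IP, 443):
        return None
    return next((s for s in SITES if s.cert_name), None)

def https_request(url_host: str) -> dict:
    """Follow one HTTPS request in the order the post describes."""
    # 1. The certificate is chosen and sent before any request bytes are decrypted.
    site = pick_ssl_site(IP, 443)
    # 2. The browser compares the certificate name with the host in the URL.
    warning = site.cert_name != url_host.lower()
    # 3. Only now is the Host header readable; the connection is already
    #    tied to `site`, so the header cannot change which site answers.
    return {"served_by": site.host_header, "cert_name": site.cert_name,
            "host_header": url_host, "browser_warning": warning}

if __name__ == "__main__":
    for host in ("cust1.samedomain.com", "cust2.samedomain.com"):
        print(https_request(host))
```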