Re: Implementing 2 certificates with IIS 6.0

From: Miha Pihler [MVP] (mihap-news_at_atlantis.si)
Date: 09/04/05

  • Next message: Gery D. Dorazio: "Re: ISAPI filter design for proper permissions?"
    Date: Sun, 4 Sep 2005 18:07:49 +0200
    
    

    Thanks for the info David!

    -- 
    Mike
    Microsoft MVP - Windows Security
    "David Wang [Msft]" <someone@online.microsoft.com> wrote in message 
    news:%23q21UxDsFHA.908@tk2msftngp13.phx.gbl...
    > Actually, with Windows Server 2003 SP1, IIS6 supports Host Headers with
    > SSL.
    > http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx
    >
    > The key fact that remains is that SSL requires exactly one Server
    > Certificate per IP:Port combination.
    >
    > This means that to implement two SSL websites using different
    > certificates, you must have two different IP:Port combinations.
    >
    > Even with Host Header over SSL, the requirements are that all the host
    > header websites MUST use the same SSL server certificate -- which means
    > that you must configure a wildcard SSL certificate for all of those
    > websites.
    >
    > Clearly, this limits Host Header over SSL to only support sub-domains --
    > that is:
    > https://subdomain1.domain.com and https://subdomain2.domain.com can both
    > share the common *.domain.com SSL server certificate configured for those
    > two domains.
    >
    > In particular, since you cannot get a *.com certificate, you cannot use
    > Host Header over SSL for https://domain1.com and https://domain2.com
    >
    > In other words, IIS6 on Windows Server 2003 SP1 does not impose any
    > restrictions on SSL that are not already there in the protocol or by how
    > the world treats SSL Server Certificates.
    >
    > -- 
    > //David
    > IIS
    > http://blogs.msdn.com/David.Wang
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    > //
    > "Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
    > news:ucTc3g%23rFHA.3640@tk2msftngp13.phx.gbl...
    > You should either use different IP address or different TCP port when you
    > use SSL. You can't use host header when you use SSL.
    >
    > -- 
    > Mike
    > Microsoft MVP - Windows Security
    >
    >
    > "Henrique Alves" <henrique@isegi.unl.pt> wrote in message
    > news:eKHB1R%23rFHA.3392@TK2MSFTNGP11.phx.gbl...
    >> Hi,
    >>
    >> Like this - When I tried to browse the first site that I "install" the
    >> certificate, I get the certificate from the second site. Understand?
    >>
    >> I think you gave me a great tip, I changed the IP Address from the site
    >> and now I just get the first certificate, strange, but it seems that
    >> should be something to do with this.
    >>
    >> I'm running the sites with the same IP address (just with different
    >> host headers), is there a problem?? Should I run with different IP's??
    >>
    >> The Event log doesn't show any related error.
    >>
    >> Can you help me with this now??
    >>
    >>
    >>
    >> Many thanks Mike,
    >>
    >> Henrique Alves.
    >>
    >>
    >>
    >>
    >> "Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
    >> news:OEWba69rFHA.1256@TK2MSFTNGP09.phx.gbl...
    >>> Hi,
    >>>
    >>> How does this error represent itself? What happens when you try and use
    >>> the first certificate?
    >>>
    >>> Are you running these different sites on different IP addresses? Are
    >>> there any errors in Event logs (Applications and System logs)?
    >>>
    >>> -- 
    >>> Mike
    >>> Microsoft MVP - Windows Security
    >>>
    >>> "Henrique Alves" <henrique@isegi.unl.pt> wrote in message
    >>> news:eycjjd8rFHA.2592@TK2MSFTNGP09.phx.gbl...
    >>>> Hi,
    >>>>
    >>>>    I tried to install two web server certificates in the same machine
    >>>> (but in different sites), with IIS 6.0, but with no success.
    >>>>
    >>>>    What happened was that when I first installed the first certificate
    >>>> everything worked fine, but after installing the second one (in
    >>>> another site) the first certificate never worked again. I tried making
    >>>> a backup and installing again, tried to remove and install the
    >>>> certificate again, and nothing works. Can anyone help me????
    >>>>
    >>>>
    >>>>    I already installed IIS Diag and everything looks ok...
    >>>>
    >>>>
    >>>>
    >>>> Thanks in advance,
    >>>>
    >>>> Henrique Alves.
    >>>>
    >>>
    >>>
    >>
    >>
    >
    >
    > 
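
The rule discussed in this thread (one server certificate per IP:Port, and host headers over SSL only where one wildcard certificate covers every host name) can be checked against a planned set of site bindings before touching the server. The following is an added example, not code from any poster in the thread or from IIS; the function names, the site dictionaries and the 192.0.2.x addresses are constructed for illustration, and the wildcard match assumes the usual rule that "*" stands for exactly one left-most label.

```python
from collections import defaultdict

def wildcard_covers(cert_name, host):
    """True if cert_name (exact name or '*.parent') covers host."""
    cert_name, host = cert_name.lower(), host.lower()
    if not cert_name.startswith("*."):
        return cert_name == host
    # '*' matches one label only: *.domain.com covers a.domain.com,
    # but not domain.com and not a.b.domain.com.
    label, _, rest = host.partition(".")
    return bool(label) and rest == cert_name[2:]

def check_bindings(sites):
    """Return a list of problems for a planned set of SSL site bindings."""
    by_endpoint = defaultdict(list)
    for s in sites:
        by_endpoint[(s["ip"], s["port"])].append(s)
    problems = []
    for ip, port in sorted(by_endpoint):
        group = by_endpoint[(ip, port)]
        certs = sorted({s["cert"] for s in group})
        if len(certs) > 1:
            # The situation from the original question: two certificates
            # on one IP:Port, so only one of them can be presented.
            problems.append(f"{ip}:{port} has {len(certs)} certificates "
                            f"({', '.join(certs)}); only one can be served")
            continue
        for s in group:
            if not wildcard_covers(certs[0], s["host"]):
                problems.append(f"{s['name']}: {s['host']} is not covered "
                                f"by {certs[0]} on {ip}:{port}")
    return problems

def site(name, ip, host, cert, port=443):
    return {"name": name, "ip": ip, "port": port, "host": host, "cert": cert}

# Constructed plans: same IP with two certificates, the same sites split
# across two IPs, and host-header sites sharing one wildcard certificate.
SHARED_IP = [site("Site1", "192.0.2.10", "domain1.com", "domain1.com"),
             site("Site2", "192.0.2.10", "domain2.com", "domain2.com")]
SPLIT_IP = [site("Site1", "192.0.2.10", "domain1.com", "domain1.com"),
            site("Site2", "192.0.2.11", "domain2.com", "domain2.com")]
WILDCARD = [site("Sub1", "192.0.2.12", "subdomain1.domain.com", "*.domain.com"),
            site("Sub2", "192.0.2.12", "subdomain2.domain.com", "*.domain.com"),
            site("Other", "192.0.2.12", "domain2.com", "*.domain.com")]

if __name__ == "__main__":
    for plan in (SHARED_IP, SPLIT_IP, WILDCARD):
        print(check_bindings(plan) or "OK")
```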
    
