Re: SSL Host Headers IIS 6.0

From: Jeniffer K (me_at_me.com)
Date: 11/17/05


Date: Thu, 17 Nov 2005 09:33:56 -0500

Thank you so much, all of you, for the very helpful, detailed answer. David,
your description is precisely correct. In my test I configured site
www.companyA.com to IP1, which is the default IP on this box, and SSL on port
443; then site www.companyB.com I also configured to IP1 with a different
Host Header and SSL configured to All Unassigned, because if I selected
IP1 it would not be able to bind it. The results... when I typed
https://www.companyB.com it loaded https://www.companyA.com

"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:e9zAKlz6FHA.2628@TK2MSFTNGP11.phx.gbl...
> You have two SSL sites with different certificates/identities. You will
> either need two IPs or two Ports. I suggest two different IPs in your case
> because if you change ports, you will likely need to change a lot of web
> pages or do a lot of coding.
>
> You will not be able to use one IP:Port for both SSL sites who have
> different certificates. Think about it this way -- suppose you have:
> - www.CompanyA.com host header resolves to IP1:www.CompanyA.com
> - www.CompanyA.com website has its own SSL Certificate
> - www.CompanyB.com host header resolves to IP1:www.CompanyB.com
> - www.CompanyB.com website has its own SSL Certificate
>
> Suppose someone makes the request https://www.CompanyA.com - which
> translates into a request to IP1 over port 443 with host header
> www.CompanyA.com. Now, how does IIS know whether to use www.CompanyA.com's
> SSL Certificate or www.CompanyB.com's SSL Certificate to do the SSL
> negotiation? The host header value is encrypted with SSL, so IIS has to
> first complete SSL handshake with *some* SSL Server Certificate to decrypt
> and get the host header... but which one? This is basically a by-design
> catch-22.
>
> Thus, the only way to have SSL work is:
> 1. Each website has distinct IP:Port and distinct SSL Certificate
> 2. Websites with identical IP:Port must have wildcard SSL Certificate that
> covers the identity of each website
>
> Since you have distinct SSL Certificate and no wildcard SSL Certificate
> covers the identity of both your websites, you must pursue option #1. And
> you are choosing distinct IP so you don't need to recode any web pages.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
> "Jeniffer K" <me@me.com> wrote in message
> news:%23gIIn8t6FHA.1184@TK2MSFTNGP12.phx.gbl...
> Today is the first time I've tried configuring a few sites with a cert and
> discovered that it's not all that simple. I was under the assumption that
> it's much like standard http on port 80, where it allows you to share the
> same IP by specifying a host header. With https on port 443, however, it is
> an entirely different story: the site will fail to bind if two sites share
> the same port. I've searched and found the use of wildcard certificates, but
> it's somewhat problematic for me because I have physically separate
> certificates for each site; each site is an entirely different company. So
> how do I go about doing this? Also, say I change the SSL port number for
> each site I want to secure, will I have to hard code the new port on each
> page that's linking to a secure page? - please advise
>
> Thanks
>
>
>
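
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not IIS code: a simplified Python model in which an SSL binding is keyed on IP:Port only, so the site and certificate are chosen before the host header can be read. The IP addresses, site names, the `ALL_UNASSIGNED` marker and the rule that a specific-IP binding wins over All Unassigned are assumptions of the model; wildcard matching follows the usual one-label, left-most rule.

```python
# Simplified model, constructed for illustration: certificate selection happens
# on (IP, port) alone because the Host header is still encrypted at that point.
ALL_UNASSIGNED = "*"  # hypothetical marker for an "All Unassigned" binding

def cert_covers(cert_name, host):
    """True if a certificate name (exact or left-most wildcard) covers host."""
    cert_name, host = cert_name.lower(), host.lower()
    if not cert_name.startswith("*."):
        return cert_name == host
    # A wildcard stands for exactly one left-most label.
    label, _, parent = host.partition(".")
    return bool(label) and parent == cert_name[2:]

def add_ssl_binding(bindings, ip, port, site, cert_name):
    """Register an SSL binding; note the key carries no host name."""
    key = (ip, port)
    if key in bindings:
        raise ValueError(f"{ip}:{port} already bound to {bindings[key]['site']}")
    bindings[key] = {"site": site, "cert": cert_name}

def handshake(bindings, dest_ip, dest_port, requested_host):
    """Choose a binding from the TCP endpoint only, then check name coverage."""
    chosen = (bindings.get((dest_ip, dest_port))
              or bindings.get((ALL_UNASSIGNED, dest_port)))
    if chosen is None:
        return None
    return {"site": chosen["site"], "cert": chosen["cert"],
            "name_matches": cert_covers(chosen["cert"], requested_host)}

def demo():
    """Reproduce the test from the thread, then the two-IP layout (option 1)."""
    ip1, ip2 = "192.0.2.10", "192.0.2.11"  # constructed documentation addresses
    bindings = {}
    add_ssl_binding(bindings, ip1, 443, "SiteA", "www.companya.com")
    try:
        add_ssl_binding(bindings, ip1, 443, "SiteB", "www.companyb.com")
        conflict = False
    except ValueError:
        conflict = True  # second site cannot bind to the same IP:Port
    add_ssl_binding(bindings, ALL_UNASSIGNED, 443, "SiteB", "www.companyb.com")
    shared = handshake(bindings, ip1, 443, "www.companyb.com")
    # Option 1: give the second site its own IP.
    add_ssl_binding(bindings, ip2, 443, "SiteB", "www.companyb.com")
    separate = handshake(bindings, ip2, 443, "www.companyb.com")
    return conflict, shared, separate

if __name__ == "__main__":
    print(demo())
```

The `shared` result is the case to watch for when auditing a server: the client reaches the wrong site and is presented a certificate whose name does not cover the requested host.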


