Re: Certificate Types



Daniel wrote to Gilly G on Tue, 2 Dec 2008 12:12:26 -0000:

Gilly wrote on Sat, 29 Nov 2008 18:17:00 -0800:

I have a single ssl website which can be pulled up on the browser
using two methods: https://www.website.com and https://website.com.
I currently have both a wildcard ssl certificate *.website.com and a
normal ssl www.website.com. After install the wildcard ssl
certificate, I can only get www.website.com to browse without a
certificate error. When I use https://website.com the certificate
throws an error of invalid certificate.

How do I configure IIS 6.0 so that if a customer uses
https://website.com and https://www.website.com that they do not get
a invalid certificate message for either format?


You use 2 different IPs with 2 SSL certs mapped to the same physical
file structure (so they run as 2 different sites but pulling the same
files from the same location), or you get a cert with multiple CN
parts in it (www.website.com and website.com). Your problem is that
*.website.com does not match website.com - *. literally means "any
characters followed by a fullstop" and there is no fullstop at the
start of your second URL; https://website.com is not the same as
https://.website.com (notice the . before the website.com hostname).

This is not something that can be "fixed" with IIS6 using the
certificate you have - it's the browser that interprets the CN part of
the certificate and compares to the hostname in the request, all IIS6
is doing is sending the SSL cert mapped to the IP and this is working
as expected.

Damn, David beat me to it. His reply wasn't showing up when I originally
checked the newsgroup ... :(

--
Dan


.



Relevant Pages

  • ActiveSync Support Code:
    ... network) has a wildcard SSL cert from GoDaddy. ... ActiveSync ... to access Exchange mailbox. ... The security certificate on the server is invalid. ...
    (microsoft.public.exchange.admin)
  • RE: ActiveSync Support Code:
    ... network) has a wildcard SSL cert from GoDaddy. ... ActiveSync ... to access Exchange mailbox. ... The security certificate on the server is invalid. ...
    (microsoft.public.exchange.admin)
  • ssl certificate error/warning with rpc over http (outlook anywhere) 2007 exchange/outlook...
    ... functionality would work with rpc over http clients.. ... except that users get a certificate warning about a mismatch on ... I have no interest at this point in getting a wildcard ssl ...
    (microsoft.public.exchange.admin)
  • Re: SSL woes with Outlook 2007, Exchange 2007, and OWA
    ... Communications Certificate? ... Exchange Management Shell but I cannot create a Unified Communications ... wildcard SSL won't be an option because we will be using Windows ...
    (microsoft.public.exchange.admin)