Wildcard SSL IIS 6.0
|
|
|
| Is it possible to do the following with a wildcard cert *.hosting.com using
Windows Server 2003 and IIS 6.0?
Are there any tutorials on this?
Each company below has its own site and would use the second host header to
serve content via SSL.
IIS Site 1:
IP 24.75.111.222
Host Header www.company1.com Port 80 Requests
Host Header company1.hosting.com Port 443 SSL Requests
IIS Site 2:
IP 24.75.111.222
Host Header www.company2.com Port 80 Requests
Host Header company2.hosting.com Port 443 SSL Requests
IIS Site 3:
IP 24.75.111.222
Host Header www.company3.com Port 80 Requests
Host Header company3.hosting.com Port 443 SSL Requests
Thanks
Mike
| |
| Bernard 2005-05-15, 8:35 am |
| You can have wildcard SSL if all your 3 sites are under one common name.
E.g. *.company.com.
In your case, the top level domain is different. Company1, 2 and 3.com. In
this setup, you need 3 different certs + 3 sets of IPs
--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"Mike" <mikenospam@com.nospam> wrote in message
news:%23cyMyXJWFHA.3424@TK2MSFTNGP09.phx.gbl...
> Is it possible to do the following with a wildcard cert *.hosting.com
> using
> Windows Server 2003 and IIS 6.0?
> Are there any tutorials on this?
> Each company below has its own site and would use the second host header
> to
> serve content via SSL.
>
> IIS Site 1:
> IP 24.75.111.222
> Host Header www.company1.com Port 80 Requests
> Host Header company1.hosting.com Port 443 SSL Requests
>
> IIS Site 2:
> IP 24.75.111.222
> Host Header www.company2.com Port 80 Requests
> Host Header company2.hosting.com Port 443 SSL Requests
>
> IIS Site 3:
> IP 24.75.111.222
> Host Header www.company3.com Port 80 Requests
> Host Header company3.hosting.com Port 443 SSL Requests
>
> Thanks
>
> Mike
>
>
| |
|
| Each company/site would use:
http://company1.com for non ssl request and would use:
https://company1.hostingcompany.com for all ssl requests.
Company 1 would have two host header entries in IIS company1.com and
company1.hostingcompany.com
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:euI1qOQWFHA.3572@TK2MSFTNGP12.phx.gbl...
> You can have wildcard SSL if all your 3 sites are under one common name.
> E.g. *.company.com.
> In your case, the top level domain is different. Company1, 2 and 3.com. In
> this setup, you need 3 different certs + 3 sets of IPs
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "Mike" <mikenospam@com.nospam> wrote in message
> news:%23cyMyXJWFHA.3424@TK2MSFTNGP09.phx.gbl...
>
>
| |
|
|
|
| I have the exact same scenario....
How do we enable the SSL for each subdomain of company1.hostingcompany.com?
thanks, Mizer
--
Thanks for your time,
Mizer
"Bernard" wrote:
> In this case, it will work... coz your SSL sites will be
> *.hostingcompany.com......
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "Mike" <mikenospam@com.nospam> wrote in message
> news:%23mxW64UWFHA.2540@tk2msftngp13.phx.gbl...
>
>
>
| |
|
|
|
| Bernard,
I checked out your blog. It is helpful!
I only have a single IP address for my aDSL service. That is why I am using
host headers to distinguish between websites. Can I assign multiple private
IP addresses to my NIC card and then connect each web site to a different
private IP address?
How do I find the website ID?
--
Thanks for your time,
Mizer
"Bernard" wrote:
> You need to deploy a wildcard cert @ hostingcompany.com website.
> after that - have a wildcard dns A record entry that points * to this website
> IP address.
>
> I just blogged this..
> http://msmvps.com/bernard/archive/2005/05/25/48852.aspx
>
> hope it helps.
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "mizer" <mizer@discussions.microsoft.com> wrote in message
> news:B1593363-6D92-40BD-98DA-FEFA9DFCDF5D@microsoft.com...
>
>
>
| |
| Bernard 2005-05-26, 8:06 am |
| To find website Id, you can try 'iisweb /query'.
In your setup, one public IP forwards to many IP addresses internally, with
each site supporting SSL + host header... Mm....
I know this would work if all sites are on public and no NAT (forwarding)
is involved, but with one public forward to the IIS machine, you are
actually forwarding to 1 specific IP only, right? If yes, how does IIS
know the other IP address website?
--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"mizer" <mizer@discussions.microsoft.com> wrote in message
news:14C5DCC2-338C-4E3E-96FA-E3229FA0307E@microsoft.com...
> Bernard,
>
> I checked out your blog. It is helpful!
>
> I only have a single IP address for my aDSL service. That is why I am
> using
> host headers to distinguish between websites. Can I assign multiple
> private
> IP addresses to my NIC card and then connect each web site to a different
> private IP address?
>
> How do I find the website ID?
>
> --
> Thanks for your time,
> Mizer
>
>
> "Bernard" wrote:
>
| |
|
| Bernard,
I tried the "iisweb /query" and it appears to give me the site ID number.
My setup is as follows:
1. I have a single dynamic IP address for my DSL line.
2. In my router, I am forwarding all port 80 requests to the internal IP
address of my webserver.
3. All of my websites use the "All Unassigned" setting for the IP address
and port 80.
4. Each of my web sites has a unique host header name.
5. Each website has host headers named: www.company1.com and
company1.webhost.com
6. I have installed a wildcard certificate for the *.webhost.com website.
7. As I understand from the document below, I can use the host header names
(company1.webhost.com) to provide a secure area for web pages.
http://www.microsoft.com/technet/pr...941b07554c.mspx
Does this make it any more clear?
--
Thanks for your time,
Mizer
"Bernard" wrote:
> To find website Id, you can try 'iisweb /query'.
>
> In your setup, one public IP forwards to many IP addresses internally, with
> each site supporting SSL + host header... Mm....
> I know this would work if all sites are on public and no NAT (forwarding)
> is involved, but with one public forward to the IIS machine, you are
> actually forwarding to 1 specific IP only, right? If yes, how does IIS
> know the other IP address website?
>
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "mizer" <mizer@discussions.microsoft.com> wrote in message
> news:14C5DCC2-338C-4E3E-96FA-E3229FA0307E@microsoft.com...
>
>
>
| |
| Bernard 2005-05-27, 2:48 am |
| I understand your setup environment. As mentioned, it would work if each
site has its own IP + host header + wildcard cert.
In your case, you have one IP, I assume, for your entire IIS, hence you need
to really test it. I would say the 443 binding is to 0.0.0.0:443 for all
sites, and if you are browsing site2, it is actually using the cert from site1, but
since it's a wildcard cert, it might work.
I'm very interested in your test result. Try to access the site
internally first, then test remotely via your DSL line.
--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"mizer" <mizer@discussions.microsoft.com> wrote in message
news:6C9D0828-4F47-473C-B57A-77FC1673425D@microsoft.com...
> Bernard,
>
> I tried the "iisweb /query" and it appears to give me the site ID number.
>
> My setup is as follows:
>
> 1. I have a single dynamic IP address for my DSL line.
> 2. In my router, I am forwarding all port 80 requests to the internal IP
> address of my webserver.
> 3. All of my websites use the "All Unassigned" setting for the IP address
> and port 80.
> 4. Each of my web sites has a unique host header name.
> 5. Each website has host headers named: www.company1.com and
> company1.webhost.com
> 6. I have installed a wildcard certificate for the *.webhost.com website.
> 7. As I understand from the document below, I can use the host header
> names
> (company1.webhost.com) to provide a secure area for web pages.
>
> http://www.microsoft.com/technet/pr...941b07554c.mspx
>
> Does this make it any more clear?
>
> --
> Thanks for your time,
> Mizer
>
>
> "Bernard" wrote:
>
| |
|
| Bernard,
Upon entering the following command, I am getting the error listed below.
Any suggestions?
C:\>cscript.exe adsutil.vbs set /w3svc/435936403/SecureBindings "0.0.0.0:443:site1.webhosting.com"
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
CScript Error: Execution of the Windows Script Host failed. (The parameter is incorrect. )
C:\>
--
Thanks for your time,
Mizer
"Bernard" wrote:
> I understand your setup environment. As mentioned, it would work if each
> site has its own IP + host header + wildcard cert.
> In your case, you have one IP, I assume, for your entire IIS, hence you need
> to really test it. I would say the 443 binding is to 0.0.0.0:443 for all
> sites, and if you are browsing site2, it is actually using the cert from site1, but
> since it's a wildcard cert, it might work.
>
> I'm very interested in your test result. Try to access the site
> internally first, then test remotely via your DSL line.
>
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "mizer" <mizer@discussions.microsoft.com> wrote in message
> news:6C9D0828-4F47-473C-B57A-77FC1673425D@microsoft.com...
>
>
>
| |
| Bernard Cheah [MVP] 2005-06-01, 2:49 am |
| Err. it works on mine.
C:\Inetpub\AdminScripts>adsutil.vbs set /w3svc/1/securebindings "192.168.10.1:443:header.mydomain.com"
securebindings : (LIST)
"192.168.10.1:443:443:header.mydomain.com"
Set to the site ip rather than 0.0.0.0.
--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"mizer" <mizer@discussions.microsoft.com> wrote in message
news:5F6E5BD5-AE7F-47F3-B880-723E2E497FE7@microsoft.com...
> Bernard,
>
> Upon entering the following command, I am getting the error listed below.
> Any suggestions?
>
> C:\>cscript.exe adsutil.vbs set /w3svc/435936403/SecureBindings
> "0.0.0.0:443:site1.webhosting.com"
> Microsoft (R) Windows Script Host Version 5.6
> Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
>
> CScript Error: Execution of the Windows Script Host failed. (The parameter
> is incorrect. )
>
> C:\>
> --
> Thanks for your time,
> Mizer
>
>
> "Bernard" wrote:
>
| |
|
| All of my sites are using the "All Unassigned" as their IP address.
Should I set all of my sites to the same IP as my server (192.168.1.15)?
--
Thanks for your time,
Mizer
"Bernard Cheah [MVP]" wrote:
> Err. it works on mine.
> C:\Inetpub\AdminScripts>adsutil.vbs set /w3svc/1/securebindings
> "192.168.10.1:443:header.mydomain.com"
> securebindings : (LIST)
> "192.168.10.1:443:443:header.mydomain.com"
>
> Set to the site ip rather than 0.0.0.0.
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "mizer" <mizer@discussions.microsoft.com> wrote in message
> news:5F6E5BD5-AE7F-47F3-B880-723E2E497FE7@microsoft.com...
>
>
>
| |
| Bernard Cheah [MVP] 2005-06-15, 7:48 am |
| Sorry. I was away and didn't catch this till now.
Well, I tried all unassigned and I couldn't start the site. After I set it
to a specific IP that the site is bound to, it works.
--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"mizer" <mizer@discussions.microsoft.com> wrote in message
news:51629084-CE55-4FB0-966B-41D048224DFE@microsoft.com...
> All of my sites are using the "All Unassigned" as their IP address.
>
> Should I set all of my sites to the same IP as my server (192.168.1.15)?
> --
> Thanks for your time,
> Mizer
>
>
> "Bernard Cheah [MVP]" wrote:
>
| |
| DotNet 2005-06-28, 5:54 pm |
| Bernard,
I am trying the same thing and am having all kinds of problems.
I have purchased and installed the wildcard ssl cert.
I am using the command line to register it with the following line:
cscript.exe adsutil.vbs set /w3svc/1267602825/SecureBindings ":443:safety.safezone.ws"
When I try to start the website I get this in the event log:
Cannot register the URL prefix
'https://safety.safezone.ws:443:12.110.176.2/' for site '1267602825'. The
necessary network binding may already be in use. The site has been
deactivated. The data field contains the error number.
The site will then not start.
I am trying to put all secured sites under safezone.ws and use host headers.
For example:
https://site1.safezone.ws
https://site2.safezone.ws
https://site3.safezone.ws
https://site4.safezone.ws
All my other sites are running on the same IP on port 80. There are no other
sites configured with 443 port or the same header.
Please help me make it work.
Doug Farrell
DotNet International, Inc.
"Bernard Cheah [MVP]" wrote:
> Sorry. I was away and didn't catch this till now.
>
> Well, I tried all unassigned and I couldn't start the site. After I set it
> to a specific IP that the site is bound to, it works.
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "mizer" <mizer@discussions.microsoft.com> wrote in message
> news:51629084-CE55-4FB0-966B-41D048224DFE@microsoft.com...
| |
|
| DotNet,
I have successfully accomplished this task. If you can give me a few days to
return home, I will share the instructions I have written down with you.
Here are a few pointers:
All websites should use the "All Unassigned" as the IP address
Create a new website for each site1.safezone.com host header
Delete any host header entries for all websites that match *.safezone.com
Set new website to use SSL port 443
Add existing certificate to new website
Enter command line information
--
Thanks for your time,
Mizer
"DotNet" wrote:
> Bernard,
> I am trying the same thing and am having all kinds of problems.
>
> I have purchased and installed the wildcard ssl cert.
>
> I am using the command line to register it with the following line:
> cscript.exe adsutil.vbs set /w3svc/1267602825/SecureBindings
> ":443:safety.safezone.ws"
>
> When I try to start the website I get this in the event log:
>
> Cannot register the URL prefix
> 'https://safety.safezone.ws:443:12.110.176.2/' for site '1267602825'. The
> necessary network binding may already be in use. The site has been
> deactivated. The data field contains the error number.
>
> The site will then not start.
>
> I am trying to put all secured sites under safezone.ws and use host headers.
> For example:
> https://site1.safezone.ws
> https://site2.safezone.ws
> https://site3.safezone.ws
> https://site4.safezone.ws
>
> All my other sites are running on the same IP on port 80. There are no other
> sites configured with 443 port or the same header.
>
> Please help me make it work.
> Doug Farrell
> DotNet International, Inc.
>
>
> "Bernard Cheah [MVP]" wrote:
>
| |
| DotNet 2005-06-29, 2:48 am |
| Mizer,
Finally got it...it appears there was a site hiding on the 443 port. I found
it by doing an iisweb /query.
Thanks for the help and good luck to you!
Doug
"mizer" wrote:
> DotNet,
>
> I have successfully accomplished this task. If you can give me a few days to
> return home, I will share the instructions I have written down with you.
> Here are a few pointers:
> All websites should use the "All Unassigned" as the IP address
> Create a new website for each site1.safezone.com host header
> Delete any host header entries for all websites that match *.safezone.com
> Set new website to use SSL port 443
> Add existing certificate to new website
> Enter command line information
>
> --
> Thanks for your time,
> Mizer
>
>
> "DotNet" wrote:
>
| |
| Bernard Cheah [MVP] 2005-07-04, 7:49 am |
| Sorry, I was traveling, thanks for the update.
If you don't mind, can you post the output of the iisweb /query here?
--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"DotNet" <DotNet@discussions.microsoft.com> wrote in message
news:78093E5A-AA07-41B7-BB68-61A83BD24864@microsoft.com...
> Mizer,
> Finally got it...it appears there was a site hiding on the 443 port. I
> found
> it by doing an iisweb /query.
> Thanks for the help and good luck to you!
> Doug
>
> "mizer" wrote:
>
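
Added example (not from any poster in this thread and not Microsoft's tooling): the checks the thread keeps coming back to, run over a constructed list of SecureBindings values in the IP:Port:HostHeader form used above. It flags host headers that a *.webhost.com certificate does not cover, sites bound to 443 with no host header, and two sites claiming the identical binding. The site IDs, host names and the helper names parse_binding, wildcard_covers and audit are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed inventory (site ID -> SecureBindings values); not from the thread.
SITES = {
    "1":    [":443:"],                    # listens on 443 with no host header
    "1001": [":443:site1.webhost.com"],
    "1002": [":443:site2.webhost.com"],
    "1003": [":443:SITE1.webhost.com"],   # same binding as 1001 once normalized
    "1004": [":443:www.company1.com"],    # outside the wildcard's domain
    "1005": [":443:a.b.webhost.com"],     # two labels under the wildcard
}

def parse_binding(raw):
    """Split 'IP:Port:HostHeader'; an empty IP means All Unassigned."""
    ip, port, host = raw.split(":", 2)
    return (ip or "*", int(port), host.lower().rstrip("."))

def wildcard_covers(cert_name, host):
    """A '*.domain' name covers exactly one label to the left of '.domain'."""
    cert_name, host = cert_name.lower(), host.lower()
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]                # e.g. ".webhost.com"
    left = host[:-len(suffix)] if host.endswith(suffix) else ""
    return bool(left) and "." not in left

def audit(sites, cert_name):
    """Return findings as (kind, site id(s), binding) tuples."""
    findings, owners = [], defaultdict(list)
    for site_id, bindings in sites.items():
        for raw in bindings:
            ip, port, host = parse_binding(raw)
            owners[(ip, port, host)].append(site_id)
            if not host:
                findings.append(("no-host-header", site_id, raw))
            elif not wildcard_covers(cert_name, host):
                findings.append(("name-mismatch", site_id, raw))
    for (ip, port, host), ids in owners.items():
        if len(ids) > 1:  # identical binding claimed by more than one site
            findings.append(("duplicate", tuple(ids), f"{ip}:{port}:{host}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SITES, "*.webhost.com"):
        print(finding)
```

A browser applies the same one-label rule, so a name-mismatch finding here corresponds to a certificate warning for that host even if the site starts.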