|
Home > Archive > IIS Server Security > March 2004 > SSL on IIS6.0 Multi-Homed
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
SSL on IIS6.0 Multi-Homed
|
|
| CQL User 2004-03-25, 9:52 am |
| I am having a problem on Windows 2003 Server.
On 2000, I could have a multi-homed server, as long as I only had 1 SSL per
IP. ie: port 443.
If the certificate was assigned to https://secure.foo.com, it works fine.
If I go to a multi-homed site, on the same IP, but NO SSL included, and I
typed in the multi-homed SSL, ie: https://www.multi.com, I should get an
error. However, it actually redirects to https://secure.foo.com and allows
the lock to appear and work. (even though the SSL is assigned to
https://secure.foo.com.)
Is this a bug? Should I be able to do this? I followed the instructions.
Shouldn't the SSL still look at the host header, to realize I am not going
to the valid address?
Please advise!
| |
| Bernard 2004-03-26, 11:49 am |
| 1) if you configure 2 host header in the secure site.
when you type https://www.multi.com, you should be prompt
to validate the cert as the common name does't match with the cert.
2) I'm not sure why you get redirected.. you might want to check
if you have configure custom error page to redirect to https://secure....
3) and SSL doesn't support host header.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"CQL User" <foo@cqlcorp.com> wrote in message
news:uknOZcnEEHA.2408@TK2MSFTNGP10.phx.gbl...
> I am having a problem on Windows 2003 Server.
>
> On 2000, I could have a multi-homed server, as long as I only had 1 SSL
per
> IP. ie: port 443.
>
> If the certificate was assigned to https://secure.foo.com, it works fine.
>
> If I go to a multi-homed site, on the same IP, but NO SSL included, and I
> typed in the multi-homed SSL, ie: https://www.multi.com, I should get an
> error. However, it actually redirects to https://secure.foo.com and
allows
> the lock to appear and work. (even though the SSL is assigned to
> https://secure.foo.com.)
>
> Is this a bug? Should I be able to do this? I followed the instructions.
> Shouldn't the SSL still look at the host header, to realize I am not going
> to the valid address?
>
> Please advise!
>
>
|
|
|
|
|