|
Home > Archive > IIS Server Security > May 2005 > Multiple SSL identities on the same E3K front end server
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Multiple SSL identities on the same E3K front end server
|
|
| Sameh Ahmed 2005-05-04, 7:50 am |
| Hello there
My initial question:
is it possible to create multiple secure identities on the same server using
several certificates and a secondary IP to be used with each certificate?
the reason for this question is that people access Exchange 2003 front end
servers from both the internet and through our LAN.
The certificate issued to the server by our CA is issues to
"mail.mydomain.com" where as people from the internal LAN access the URL
"mail.myinternaldomain.local".
So I tried creating a new HTTP virtual server in order to assign a
certificate issued for mail.myinternaldomain.local and assign it to an IP
that internal users use.
No matter what I do, people keep getting the warning that the name on the
certificate is invalid or does not match the name of the site and when you
open the certificate it shows that the default website certificate
"mail.mydomain.com" is the one used.
I made sure that the new IP is propagated in our internal DNS system and
that the client is accessing the FE using the IP address and not the old
one.
I also noticed that using Exchange system manager; I am unable to add the
port 443 as the SSL port (text box dimmed)
My environment is IIS6 and E3K on windows 2003 enterprise edition.
Is there a limitation on using multiple certificates on the same server?
Regards
Sameh
| |
| Karl Levinson, mvp 2005-05-04, 7:50 am |
|
"Sameh Ahmed" <essoplus@hotmail.com> wrote in message
news:eSYKP$IUFHA.1148@tk2msftngp13.phx.gbl...
> is it possible to create multiple secure identities on the same server
using
> several certificates and a secondary IP to be used with each certificate?
> the reason for this question is that people access Exchange 2003 front end
> servers from both the internet and through our LAN.
> So I tried creating a new HTTP virtual server in order to assign a
> certificate issued for mail.myinternaldomain.local and assign it to an IP
> that internal users use.
> Is there a limitation on using multiple certificates on the same server?
I believe this should be possible. You didn't say... I assume you
configured the two HTTP servers to use different certificates and different
IP addresses? And that neither of those servers is configured to use "All
IP Addresses?" And that you're not trying to use host headers for SSL /
HTTPS?
| |
| Sameh Ahmed 2005-05-04, 7:50 am |
| hello Karl
Thanks for your reply
Yes I used a different IP for each virtual server
To configure the virtual server I use the IIS console
Both web sites are configured to use an IP and not all unassigned
The server have 2 different certificates installed
And I am aware that host headers will not be used when using HTTPS
The other thing is, when I try to configure the SSL port using the exchange
system manager, the text box is dimmed.
any ideas?
"Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message
news:%23H6$6kJUFHA.2520@TK2MSFTNGP09.phx.gbl...
>
> "Sameh Ahmed" <essoplus@hotmail.com> wrote in message
> news:eSYKP$IUFHA.1148@tk2msftngp13.phx.gbl...
>
> using
>
>
>
> I believe this should be possible. You didn't say... I assume you
> configured the two HTTP servers to use different certificates and
> different
> IP addresses? And that neither of those servers is configured to use "All
> IP Addresses?" And that you're not trying to use host headers for SSL /
> HTTPS?
>
>
| |
| Karl Levinson, mvp 2005-05-07, 8:47 pm |
| I'm afraid not, I don't know much about Exchange 2003, such as whether there
is something you must do before you can configure SSL through the Exchange
console. Is it possible to configure the two SSL certificates entirely, or
initially, through the IIS MMC?
"Sameh Ahmed" <essoplus@hotmail.com> wrote in message
news:OKTZcUKUFHA.952@TK2MSFTNGP10.phx.gbl...
> hello Karl
> Thanks for your reply
> Yes I used a different IP for each virtual server
> To configure the virtual server I use the IIS console
> Both web sites are configured to use an IP and not all unassigned
> The server have 2 different certificates installed
> And I am aware that host headers will not be used when using HTTPS
> The other thing is, when I try to configure the SSL port using the
exchange
> system manager, the text box is dimmed.
> any ideas?
>
>
> "Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message
> news:%23H6$6kJUFHA.2520@TK2MSFTNGP09.phx.gbl...
certificate?[vbcol=seagreen]
IP[vbcol=seagreen]
server?[vbcol=seagreen]
"All[vbcol=seagreen]
>
>
| |
| Sameh Ahmed 2005-05-11, 7:49 am |
| well
I figured it out, just needed to change the certificate
"Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message
news:ubjOw81UFHA.1384@TK2MSFTNGP09.phx.gbl...
> I'm afraid not, I don't know much about Exchange 2003, such as whether
> there
> is something you must do before you can configure SSL through the Exchange
> console. Is it possible to configure the two SSL certificates entirely,
> or
> initially, through the IIS MMC?
>
>
> "Sameh Ahmed" <essoplus@hotmail.com> wrote in message
> news:OKTZcUKUFHA.952@TK2MSFTNGP10.phx.gbl...
> exchange
> certificate?
> IP
> server?
> "All
>
>
|
|
|
|
|