|
Home > Archive > IIS Server Security > December 2007 > SSL Certificate
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| George Schneider 2007-11-16, 1:39 pm |
| I generated a CSR file t request my SSL certificate but I only had a defualt
web site at the time of request. I have recevived the certifcyte. Do I wait
for the new site to be created before installing the certifacate or do I
install it now. I'm wondering If the instructions I had were worng and I had
to actual create the website prior to geneting the csr for verisign.
| |
| Rick Barber 2007-11-16, 1:39 pm |
| Hi George,
There are a couple of different answers, but I would go ahead and install
the certificate on the default site's CSR. Then setup the new site that you
want to use this certificate for. When you click 'Server Certificate' for
this new site, select 'Assign an existing certificate' and select the
appropriate certificate from the list. Then afterward, go back into the
default site and remove the certificate from the site.
--
Rick Barber
http://www.orcsweb.com
Managed Complex Hosting
#1 in Service and Support
"George Schneider" <georgedschneider@news.postalias> wrote in message
news:2E399F29-CFAD-4B7C-B650-7566C8D4437A@microsoft.com...
>I generated a CSR file t request my SSL certificate but I only had a
>defualt
> web site at the time of request. I have recevived the certifcyte. Do I
> wait
> for the new site to be created before installing the certifacate or do I
> install it now. I'm wondering If the instructions I had were worng and I
> had
> to actual create the website prior to geneting the csr for verisign.
| |
| George Schneider 2007-11-16, 1:39 pm |
| We just setup the new website in defualt site and changed the name. I need
to only allow communication to this web site via SSL over 443. Is this
something that can be done in IIS or on the server?
I know i can setup an ACL on my router to only allow SSL but was wondering
ig this could be don on the server side instead?
"Rick Barber" wrote:
> Hi George,
>
> There are a couple of different answers, but I would go ahead and install
> the certificate on the default site's CSR. Then setup the new site that you
> want to use this certificate for. When you click 'Server Certificate' for
> this new site, select 'Assign an existing certificate' and select the
> appropriate certificate from the list. Then afterward, go back into the
> default site and remove the certificate from the site.
>
> --
> Rick Barber
>
> http://www.orcsweb.com
> Managed Complex Hosting
> #1 in Service and Support
>
> "George Schneider" <georgedschneider@news.postalias> wrote in message
> news:2E399F29-CFAD-4B7C-B650-7566C8D4437A@microsoft.com...
>
>
>
| |
| Rick Barber 2007-11-16, 1:39 pm |
| Yes, when you go to the properties for the site, click the 'Directory
Security' tab, then Edit down near the bottom right. You will see there is
a check box where you can Require secure channel (SSL). That will only
allow traffic to the site coming in through https://. If you don't want
users to see the message that https: is required when they go to the site
using http://, then you could setup a second site that allows all traffic
for the site, and redirects to the https:// url.
--
Rick Barber
http://www.orcsweb.com
Managed Complex Hosting
#1 in Service and Support
"George Schneider" <georgedschneider@news.postalias> wrote in message
news:CB7F1686-B08B-42F9-975E-BF8D13269843@microsoft.com...[vbcol=seagreen]
> We just setup the new website in defualt site and changed the name. I
> need
> to only allow communication to this web site via SSL over 443. Is this
> something that can be done in IIS or on the server?
>
> I know i can setup an ACL on my router to only allow SSL but was wondering
> ig this could be don on the server side instead?
>
> "Rick Barber" wrote:
>
| |
| George Schneider 2007-11-16, 1:39 pm |
| How would I setup the redirect to the https site?
"Rick Barber" wrote:
> Yes, when you go to the properties for the site, click the 'Directory
> Security' tab, then Edit down near the bottom right. You will see there is
> a check box where you can Require secure channel (SSL). That will only
> allow traffic to the site coming in through https://. If you don't want
> users to see the message that https: is required when they go to the site
> using http://, then you could setup a second site that allows all traffic
> for the site, and redirects to the https:// url.
>
> --
> Rick Barber
>
> http://www.orcsweb.com
> Managed Complex Hosting
> #1 in Service and Support
>
> "George Schneider" <georgedschneider@news.postalias> wrote in message
> news:CB7F1686-B08B-42F9-975E-BF8D13269843@microsoft.com...
>
>
>
| |
| Rick Barber 2007-11-16, 1:39 pm |
| Actually, now that I think about it more, you can't setup the redirect like
that. You would need to use one of a few other options such as a refresh
through the meta tag, capturing the http header in code and rewriting it, or
a third part program to redirect the site.
I don't know what I was thinking in my earlier reply. Someone must have
spiked my coffee.
--
Rick Barber
http://www.orcsweb.com
Managed Complex Hosting
#1 in Service and Support
"George Schneider" <georgedschneider@news.postalias> wrote in message
news:AD00D226-0EDB-4BE8-9A1C-9822579B6BD7@microsoft.com...[vbcol=seagreen]
> How would I setup the redirect to the https site?
>
> "Rick Barber" wrote:
>
| |
|
| About CSR and certificates, best option is to process the pending CSR (on the
same machine that CSR was generated) using the certificate file received from
the cert authority and export it to a .pfx and use it to assign the
certificate for the new site. This will avoid issues related to the private
key.
To set up and redirect SSL request, you could try the below if possible.
assign certificates to the site through IIS.(you should be having a
dedicated IP assign to the site and registered on DNS)
assign port 443 to the IP through IIS (host headers won't help
because SSL does not support host headers)
make a virtual folder under each site pointing to the web content and keep
require ssl checked only to that virtual folder.
in the root of the site, place a redirect page which can redirect http
to https: with the complete URL pointing to http:\\site\virtualfolder. make
this redirect pages as default on each site.
Hope this helps.
"George Schneider" wrote:
> I generated a CSR file t request my SSL certificate but I only had a defualt
> web site at the time of request. I have recevived the certifcyte. Do I wait
> for the new site to be created before installing the certifacate or do I
> install it now. I'm wondering If the instructions I had were worng and I had
> to actual create the website prior to geneting the csr for verisign.
|
|
|
|
|