 |
|
 |
|
|
 |
Do I really need a wild card certificate ? |
 |
 |
|
|
04-01-06 08:04 PM
I am trying to set up a virtual directory that uses SSL (at the moment it
just contains index.htm). Once all the various settings are set I can
navigate to this page from within my network (but external sites produce a
page not found error) If I switch off ‘Require SSL’ I can navigate to th
e
index page no problem (internal and external). I have tried various fixs to
this probelm, but I think the issue could be to do with host headers ?
We use host headers because we have a few sites hosted on our webserver. My
question is do I really need a wildcard cert? I ask because (other than it
being a pain/cost to sort out) we host OWA on this sever as well and it uses
SSL and does not seam to have a wild card cert ?!?!
[ Post a follow-up to this message ]
|
|
|
 |
|
 |
|
 |
|
|
|
Re: Do I really need a wild card certificate ? |
|
|
|
|
04-01-06 08:04 PM
Well, depending on your needs and number of sites you plan to SSL'ed.
Wildcard cert is typicall more expensive then normal SSL cert, also wildcard
cert work at top domain level. e.g. all your sites must have the same
*.domain.com, else you need more than 1 cert.
With w2k3 SP1, you can sort of have host header work with SSL cert, but take
note again the catch here is that all sites must be in same top domain
*.domain.com
--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/
"Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote
in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com...
>I am trying to set up a virtual directory that uses SSL (at the moment it
> just contains index.htm). Once all the various settings are set I can
> navigate to this page from within my network (but external sites produce a
> page not found error) If I switch off ‘Require SSL’ I can navigate to
> the
> index page no problem (internal and external). I have tried various fixs
> to
> this probelm, but I think the issue could be to do with host headers ?
>
> We use host headers because we have a few sites hosted on our webserver.
> My
> question is do I really need a wildcard cert? I ask because (other than it
> being a pain/cost to sort out) we host OWA on this sever as well and it
> uses
> SSL and does not seam to have a wild card cert ?!?!
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: Do I really need a wild card certificate ? |
|
|
|
|
04-01-06 08:04 PM
At this stage I just want one virtual directory SSL 'ed. This directory sits
under our main site. There are 3 other sites using host headers as well and
no SSL (they are from different domains).
The main site has the exchange virtual directories under it (which are using
SSL already), However with the virtual directory I created I can't get SSL
working on external sites. Maybe I am on the wrong track with host headers
(as only the main site needs SSL ? and it is already working for exchange ?)
IIS is pretty frustrating, as a developer I just want a method of passing
secure data to and from remote clients. I am begining to think that I should
just encrypt all the traffic in code.....probably easier than messing with
the many IIS settings...
NOTE: As a developer I only have a light understanding of IIS, we are a
small org and cannot afford a specaist in this area. So it could be somthing
simple I just need a pointer in the right direction....
----------------------------------------------------------------------------
--------------------
"Bernard Cheah [MVP]" wrote:
> Well, depending on your needs and number of sites you plan to SSL'ed.
> Wildcard cert is typicall more expensive then normal SSL cert, also wildca
rd
> cert work at top domain level. e.g. all your sites must have the same
> *.domain.com, else you need more than 1 cert.
>
> With w2k3 SP1, you can sort of have host header work with SSL cert, but ta
ke
> note again the catch here is that all sites must be in same top domain
> *.domain.com
>
> --
> Regards,
> Bernard Cheah
> http://www.iis-resources.com/
> http://www.iiswebcastseries.com/
> http://msmvps.com/blogs/bernard/
>
>
> "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote
> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com...
>
>
>
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: Do I really need a wild card certificate ? |
|
|
|
|
04-01-06 08:04 PM
For starter, SSL cert bind to website level, you can't install cert on
virtual directory/file level, however you can control SSL requirement all
the way from site to directories or even file level....
Now, I don't get you on -> I can't get SSL working on external sites.
External site is your main site? http:// working but not https:// what do
you get when you browse under https ?
--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/
"Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote
in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com...[vbcol=seagreen]
> At this stage I just want one virtual directory SSL 'ed. This directory
> sits
> under our main site. There are 3 other sites using host headers as well
> and
> no SSL (they are from different domains).
>
> The main site has the exchange virtual directories under it (which are
> using
> SSL already), However with the virtual directory I created I can't get SSL
> working on external sites. Maybe I am on the wrong track with host headers
> (as only the main site needs SSL ? and it is already working for exchange
> ?)
>
> IIS is pretty frustrating, as a developer I just want a method of passing
> secure data to and from remote clients. I am begining to think that I
> should
> just encrypt all the traffic in code.....probably easier than messing with
> the many IIS settings...
>
> NOTE: As a developer I only have a light understanding of IIS, we are a
> small org and cannot afford a specaist in this area. So it could be
> somthing
> simple I just need a pointer in the right direction....
>
> --------------------------------------------------------------------------
----------------------
>
> "Bernard Cheah [MVP]" wrote:
>
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: Do I really need a wild card certificate ? |
|
|
|
|
04-01-06 08:04 PM
"Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message
news:OZKvFdIVGHA.5332@TK2MSFTNGP10.phx.gbl...
> For starter, SSL cert bind to website level, you can't install cert on
> virtual directory/file level, however you can control SSL requirement all
> the way from site to directories or even file level....
>
> Now, I don't get you on -> I can't get SSL working on external sites.
>
> External site is your main site? http:// working but not https:// what do
> you get when you browse under https ?
>
That sounds an awful lot like the network address translation in to the
local network is wrong.
Or that the IP on the cert is not bound to the IP that the router/firewall
is translating in or something.
Maybe if you posted all of the details of the DNS resolution and the IPs for
the devices someone could point out the error.
Likewise, check the port translation and the IPs. You might be sending port
80 (http) to some place else entirely, and port 443 (https) is the one that
is actually translated correctly.
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: Do I really need a wild card certificate ? |
|
|
|
|
04-01-06 08:04 PM
> Now, I don't get you on -> I can't get SSL working on external sites.
Answer:
When I browse to the SSL enabled virtual directory from within my work
network (ie from my development machine) by providing IE with the full URL t
o
the resource I want to open, IE displays the page correctly. This URL starts
off Https:// because SSL is enabled on the virtual directory. However when I
go home (out side of my work net wetwork) and try this Https:// url on my
home computer I get the posted error ('The resource cannot be found.'). If
uncheck the SSL property on the virtual directory, I can view the page no
problems form both locations.
Note:By main site, I mean the first site setup and the one that gets the
most traffic
"Bernard Cheah [MVP]" wrote:
> For starter, SSL cert bind to website level, you can't install cert on
> virtual directory/file level, however you can control SSL requirement all
> the way from site to directories or even file level....
>
> Now, I don't get you on -> I can't get SSL working on external sites.
>
> External site is your main site? http:// working but not https:// what do
> you get when you browse under https ?
>
> --
> Regards,
> Bernard Cheah
> http://www.iis-resources.com/
> http://www.iiswebcastseries.com/
> http://msmvps.com/blogs/bernard/
>
>
> "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote
> in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com...
>
>
>
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: Do I really need a wild card certificate ? |
|
|
|
|
04-11-06 02:53 PM
In this case, this is more related to network question as internally the
https site is working fine.
check:
- if you can ping the server from remote side
- check if the firewall allow port 443 traffic (https) to your server
browsing the site http:// no problem?
--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/
"Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote
in message news:47EA11A2-2CF6-4EF9-BAB5-C09F51D0CF2E@microsoft.com...[vbcol=seagreen]
>
> Answer:
> When I browse to the SSL enabled virtual directory from within my work
> network (ie from my development machine) by providing IE with the full URL
> to
> the resource I want to open, IE displays the page correctly. This URL
> starts
> off Https:// because SSL is enabled on the virtual directory. However when
> I
> go home (out side of my work net wetwork) and try this Https:// url on my
> home computer I get the posted error ('The resource cannot be found.'). If
> uncheck the SSL property on the virtual directory, I can view the page no
> problems form both locations.
>
> Note:By main site, I mean the first site setup and the one that gets the
> most traffic
>
> "Bernard Cheah [MVP]" wrote:
>
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: Do I really need a wild card certificate ? |
|
|
|
|
04-11-06 02:53 PM
Looks like you and Funkadyleik are correct it is a network issue, recently w
e
had problems with our OWA so a contractor was cllaed in to fix it. He set up
OWA on another machine and redirected port 443 traffic to this new box (via
the router/netscreen/firewall thingys) So that explains the behaviour I
experienced; my traffic (from outside the network that goes through the
router) was being diverted to a machine with none of my pages on it. Hence
page not found errors I guess.....
Phew.. I am glad I am not going mad. Now I know what the issue is I can work
towards fixing it (probably get another IP address I guess).
Thanks to both of you for taking the time to answer my questions. I would
never have found the problem otherwise.
"Bernard Cheah [MVP]" wrote:
> In this case, this is more related to network question as internally the
> https site is working fine.
> check:
> - if you can ping the server from remote side
> - check if the firewall allow port 443 traffic (https) to your server
>
> browsing the site http:// no problem?
>
> --
> Regards,
> Bernard Cheah
> http://www.iis-resources.com/
> http://www.iiswebcastseries.com/
> http://msmvps.com/blogs/bernard/
>
>
> "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote
> in message news:47EA11A2-2CF6-4EF9-BAB5-C09F51D0CF2E@microsoft.com...
>
>
>
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Sponsored Links |
|
|
|
|
 |
All times are GMT. The time now is 07:59 PM. |
 |
|
|
 |
|
 |
|
|
 |
|
Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
|
|
|
|
Medical and Health forum | Computer Games Reviews | Graphics design forum
|
 |
|
 |
|
