Author
30 Nov 2008 2:17 AM
Gilly G
I have a single ssl website which can be pulled up on the browser using two
methods: https://www.website.com and https://website.com. I currently have
both a wildcard ssl certificate *.website.com and a normal ssl
www.website.com. After installing the wildcard ssl certificate, I can only get
www.website.com to browse without a certificate error. When I use
https://website.com the certificate throws an error of invalid certificate.

How do I configure IIS 6.0 so that if a customer uses https://website.com
and https://www.website.com that they do not get an invalid certificate
message for either format?

Author
1 Dec 2008 11:05 AM
David Wang
On Nov 29, 6:17 pm, Gilly G <Gil***@discussions.microsoft.com> wrote:
> I have a single ssl website which can be pulled up on the browser using two
> methods: https://www.website.com and https://website.com. I currently have
> both a wildcard ssl certificate *.website.com and a normal ssl
> www.website.com. After installing the wildcard ssl certificate, I can only get
> www.website.com to browse without a certificate error. When I use
> https://website.com the certificate throws an error of invalid certificate.
>
> How do I configure IIS 6.0 so that if a customer uses https://website.com
> and https://www.website.com that they do not get an invalid certificate
> message for either format?


It depends on whether you want separate IP address or multi-subject
certificates.

You need to either:
1. Have a single certificate which has multiple CN subject names for
both website.com as well as www.website.com (*.website.com is not
sufficient -- it does not match "website.com")
2. Map website.com and www.website.com to two different IP addresses,
each to a different IIS website, each with its own SSL certificate for
a single host name.

This really has very little to do with IIS. The costs are completely
due to how SSL works as well as how web browsers warn.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
Author
2 Dec 2008 12:12 PM
Daniel Crichton
Gilly wrote on Sat, 29 Nov 2008 18:17:00 -0800:

> I have a single ssl website which can be pulled up on the browser using
> two methods: https://www.website.com and https://website.com. I
> currently have both a wildcard ssl certificate *.website.com and a
> normal ssl www.website.com. After installing the wildcard ssl
> certificate, I can only get www.website.com to browse without a
> certificate error. When I use https://website.com the certificate
> throws an error of invalid certificate.

> How do I configure IIS 6.0 so that if a customer uses
> https://website.com and https://www.website.com that they do not get an
> invalid certificate message for either format?


You use 2 different IPs with 2 SSL certs mapped to the same physical file
structure (so they run as 2 different sites but pulling the same files from
the same location), or you get a cert with multiple CN parts in it
(www.website.com and website.com). Your problem is that *.website.com does
not match website.com - *. literally means "any characters followed by a
fullstop" and there is no fullstop at the start of your second URL; https://website.com
is not the same as https://.website.com (notice the . before the
website.com hostname).

This is not something that can be "fixed" with IIS6 using the certificate
you have - it's the browser that interprets the CN part of the certificate
and compares to the hostname in the request, all IIS6 is doing is sending
the SSL cert mapped to the IP and this is working as expected.

--
Dan
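
The matching rule both replies describe, as an added example that is not part of the original thread: a small Python check of which host names a certificate's names cover. It also goes slightly beyond the thread by showing that a wildcard stands in for exactly one label. The function names and the sample name lists are constructed for illustration, and refusing patterns such as `*.com` is a conservative choice made for this example.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """True if one certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard replaces exactly one label, so "*.website.com"
        # (3 labels) can never cover "website.com" (2 labels).
        return False
    if p[0] == "*":
        # Wildcard is honoured only as the whole left-most label, the label
        # it replaces must be non-empty, and (assumption of this example)
        # at least two fixed labels must follow it.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    # No partial wildcards such as "w*.website.com"; otherwise exact match.
    return "*" not in pattern and p == h


def cert_covers(cert_names, hostname):
    """True if any name on the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def report(cert_names, hostnames):
    """Map each hostname to whether the certificate would validate for it."""
    return {h: cert_covers(cert_names, h) for h in hostnames}


# Constructed sample data mirroring the thread's host names.
SITE_NAMES = ["website.com", "www.website.com"]
WILDCARD_ONLY = ["*.website.com"]
MULTI_NAME = ["website.com", "www.website.com"]
WILDCARD_PLUS_APEX = ["*.website.com", "website.com"]

if __name__ == "__main__":
    for label, names in (("wildcard only", WILDCARD_ONLY),
                         ("multi-name", MULTI_NAME),
                         ("wildcard + apex", WILDCARD_PLUS_APEX)):
        print(label, report(names, SITE_NAMES))
```
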
Author
2 Dec 2008 12:17 PM
Daniel Crichton
Daniel wrote to Gilly G on Tue, 2 Dec 2008 12:12:26 -0000:

> Gilly wrote on Sat, 29 Nov 2008 18:17:00 -0800:

>> I have a single ssl website which can be pulled up on the browser
>> using two methods: https://www.website.com and https://website.com.
>> I currently have both a wildcard ssl certificate *.website.com and a
>> normal ssl www.website.com. After installing the wildcard ssl
>> certificate, I can only get www.website.com to browse without a
>> certificate error. When I use https://website.com the certificate
>> throws an error of invalid certificate.

>> How do I configure IIS 6.0 so that if a customer uses
>> https://website.com and https://www.website.com that they do not get
>> an invalid certificate message for either format?


> You use 2 different IPs with 2 SSL certs mapped to the same physical
> file structure (so they run as 2 different sites but pulling the same
> files from the same location), or you get a cert with multiple CN
> parts in it (www.website.com and website.com). Your problem is that
> *.website.com does not match website.com - *. literally means "any
> characters followed by a fullstop" and there is no fullstop at the
> start of your second URL; https://website.com is not the same as
> https://.website.com (notice the . before the website.com hostname).

> This is not something that can be "fixed" with IIS6 using the
> certificate you have - it's the browser that interprets the CN part of
> the certificate and compares to the hostname in the request, all IIS6
> is doing is sending the SSL cert mapped to the IP and this is working
> as expected.

Damn, David beat me to it. His reply wasn't showing up when I originally
checked the newsgroup ... :(

--
Dan