|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Multiple SSL identities on the same E3K front end serverMy initial question: is it possible to create multiple secure identities on the same server using several certificates and a secondary IP to be used with each certificate? the reason for this question is that people access Exchange 2003 front end servers from both the internet and through our LAN. The certificate issued to the server by our CA is issues to "mail.mydomain.com" where as people from the internal LAN access the URL "mail.myinternaldomain.local". So I tried creating a new HTTP virtual server in order to assign a certificate issued for mail.myinternaldomain.local and assign it to an IP that internal users use. No matter what I do, people keep getting the warning that the name on the certificate is invalid or does not match the name of the site and when you open the certificate it shows that the default website certificate "mail.mydomain.com" is the one used. I made sure that the new IP is propagated in our internal DNS system and that the client is accessing the FE using the IP address and not the old one. I also noticed that using Exchange system manager; I am unable to add the port 443 as the SSL port (text box dimmed) My environment is IIS6 and E3K on windows 2003 enterprise edition. Is there a limitation on using multiple certificates on the same server? Regards Sameh
Show quote
Hide quote
"Sameh Ahmed" <essop***@hotmail.com> wrote in message I believe this should be possible. You didn't say... I assume younews:eSYKP$IUFHA.1148@tk2msftngp13.phx.gbl... > is it possible to create multiple secure identities on the same server using > several certificates and a secondary IP to be used with each certificate? > the reason for this question is that people access Exchange 2003 front end > servers from both the internet and through our LAN. > So I tried creating a new HTTP virtual server in order to assign a > certificate issued for mail.myinternaldomain.local and assign it to an IP > that internal users use. > Is there a limitation on using multiple certificates on the same server? configured the two HTTP servers to use different certificates and different IP addresses? And that neither of those servers is configured to use "All IP Addresses?" And that you're not trying to use host headers for SSL / HTTPS? hello Karl
Thanks for your reply Yes I used a different IP for each virtual server To configure the virtual server I use the IIS console Both web sites are configured to use an IP and not all unassigned The server have 2 different certificates installed And I am aware that host headers will not be used when using HTTPS The other thing is, when I try to configure the SSL port using the exchange system manager, the text box is dimmed. any ideas? Show quoteHide quote "Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message news:%23H6$6kJUFHA.2520@TK2MSFTNGP09.phx.gbl... > > "Sameh Ahmed" <essop***@hotmail.com> wrote in message > news:eSYKP$IUFHA.1148@tk2msftngp13.phx.gbl... > >> is it possible to create multiple secure identities on the same server > using >> several certificates and a secondary IP to be used with each certificate? >> the reason for this question is that people access Exchange 2003 front >> end >> servers from both the internet and through our LAN. > >> So I tried creating a new HTTP virtual server in order to assign a >> certificate issued for mail.myinternaldomain.local and assign it to an IP >> that internal users use. > >> Is there a limitation on using multiple certificates on the same server? > > I believe this should be possible. You didn't say... I assume you > configured the two HTTP servers to use different certificates and > different > IP addresses? And that neither of those servers is configured to use "All > IP Addresses?" And that you're not trying to use host headers for SSL / > HTTPS? > > I'm afraid not, I don't know much about Exchange 2003, such as whether there
is something you must do before you can configure SSL through the Exchange console. Is it possible to configure the two SSL certificates entirely, or initially, through the IIS MMC? Show quoteHide quote "Sameh Ahmed" <essop***@hotmail.com> wrote in message news:OKTZcUKUFHA.952@TK2MSFTNGP10.phx.gbl... > hello Karl > Thanks for your reply > Yes I used a different IP for each virtual server > To configure the virtual server I use the IIS console > Both web sites are configured to use an IP and not all unassigned > The server have 2 different certificates installed > And I am aware that host headers will not be used when using HTTPS > The other thing is, when I try to configure the SSL port using the exchange > system manager, the text box is dimmed. > any ideas? > > > "Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message > news:%23H6$6kJUFHA.2520@TK2MSFTNGP09.phx.gbl... > > > > "Sameh Ahmed" <essop***@hotmail.com> wrote in message > > news:eSYKP$IUFHA.1148@tk2msftngp13.phx.gbl... > > > >> is it possible to create multiple secure identities on the same server > > using > >> several certificates and a secondary IP to be used with each certificate? > >> the reason for this question is that people access Exchange 2003 front > >> end > >> servers from both the internet and through our LAN. > > > >> So I tried creating a new HTTP virtual server in order to assign a > >> certificate issued for mail.myinternaldomain.local and assign it to an IP > >> that internal users use. > > > >> Is there a limitation on using multiple certificates on the same server? > > > > I believe this should be possible. You didn't say... I assume you > > configured the two HTTP servers to use different certificates and > > different > > IP addresses? And that neither of those servers is configured to use "All > > IP Addresses?" And that you're not trying to use host headers for SSL / > > HTTPS? > > > > > > well
I figured it out, just needed to change the certificate Show quoteHide quote "Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message news:ubjOw81UFHA.1384@TK2MSFTNGP09.phx.gbl... > I'm afraid not, I don't know much about Exchange 2003, such as whether > there > is something you must do before you can configure SSL through the Exchange > console. Is it possible to configure the two SSL certificates entirely, > or > initially, through the IIS MMC? > > > "Sameh Ahmed" <essop***@hotmail.com> wrote in message > news:OKTZcUKUFHA.952@TK2MSFTNGP10.phx.gbl... >> hello Karl >> Thanks for your reply >> Yes I used a different IP for each virtual server >> To configure the virtual server I use the IIS console >> Both web sites are configured to use an IP and not all unassigned >> The server have 2 different certificates installed >> And I am aware that host headers will not be used when using HTTPS >> The other thing is, when I try to configure the SSL port using the > exchange >> system manager, the text box is dimmed. >> any ideas? >> >> >> "Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message >> news:%23H6$6kJUFHA.2520@TK2MSFTNGP09.phx.gbl... >> > >> > "Sameh Ahmed" <essop***@hotmail.com> wrote in message >> > news:eSYKP$IUFHA.1148@tk2msftngp13.phx.gbl... >> > >> >> is it possible to create multiple secure identities on the same server >> > using >> >> several certificates and a secondary IP to be used with each > certificate? >> >> the reason for this question is that people access Exchange 2003 front >> >> end >> >> servers from both the internet and through our LAN. >> > >> >> So I tried creating a new HTTP virtual server in order to assign a >> >> certificate issued for mail.myinternaldomain.local and assign it to an > IP >> >> that internal users use. >> > >> >> Is there a limitation on using multiple certificates on the same > server? >> > >> > I believe this should be possible. You didn't say... I assume you >> > configured the two HTTP servers to use different certificates and >> > different >> > IP addresses? And that neither of those servers is configured to use > "All >> > IP Addresses?" And that you're not trying to use host headers for SSL >> > / >> > HTTPS? >> > >> > >> >> > > 
Other interesting topics
IIS6 ASP Crystal DLL
Digest access to UNC share IIS 5.0 - Create Server Certificate Wizard Client Permissions required for Integrated Authentication? Unable to set up client certificate, error 403.7 HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Digest authentication why request for cmd.exe had passed UrlScan.dll? Why rename the IUSR account? Guest book created through Frontpage Selfssl.exe for multiple vhosts |
|||||||||||||||||||||||
