|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Do I really need a wild card certificate ?I am trying to set up a virtual directory that uses SSL (at the moment it
just contains index.htm). Once all the various settings are set I can navigate to this page from within my network (but external sites produce a page not found error) If I switch off ‘Require SSL’ I can navigate to the index page no problem (internal and external). I have tried various fixs to this probelm, but I think the issue could be to do with host headers ? We use host headers because we have a few sites hosted on our webserver. My question is do I really need a wildcard cert? I ask because (other than it being a pain/cost to sort out) we host OWA on this sever as well and it uses SSL and does not seam to have a wild card cert ?!?! Well, depending on your needs and number of sites you plan to SSL'ed.
Wildcard cert is typicall more expensive then normal SSL cert, also wildcard cert work at top domain level. e.g. all your sites must have the same *.domain.com, else you need more than 1 cert. With w2k3 SP1, you can sort of have host header work with SSL cert, but take note again the catch here is that all sites must be in same top domain *.domain.com -- Show quoteHide quoteRegards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> wrote in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... >I am trying to set up a virtual directory that uses SSL (at the moment it > just contains index.htm). Once all the various settings are set I can > navigate to this page from within my network (but external sites produce a > page not found error) If I switch off ‘Require SSL’ I can navigate to > the > index page no problem (internal and external). I have tried various fixs > to > this probelm, but I think the issue could be to do with host headers ? > > We use host headers because we have a few sites hosted on our webserver. > My > question is do I really need a wildcard cert? I ask because (other than it > being a pain/cost to sort out) we host OWA on this sever as well and it > uses > SSL and does not seam to have a wild card cert ?!?! At this stage I just want one virtual directory SSL 'ed. This directory sits
under our main site. There are 3 other sites using host headers as well and no SSL (they are from different domains). The main site has the exchange virtual directories under it (which are using SSL already), However with the virtual directory I created I can't get SSL working on external sites. Maybe I am on the wrong track with host headers (as only the main site needs SSL ? and it is already working for exchange ?) IIS is pretty frustrating, as a developer I just want a method of passing secure data to and from remote clients. I am begining to think that I should just encrypt all the traffic in code.....probably easier than messing with the many IIS settings... NOTE: As a developer I only have a light understanding of IIS, we are a small org and cannot afford a specaist in this area. So it could be somthing simple I just need a pointer in the right direction.... ------------------------------------------------------------------------------------------------ Show quoteHide quote "Bernard Cheah [MVP]" wrote: > Well, depending on your needs and number of sites you plan to SSL'ed. > Wildcard cert is typicall more expensive then normal SSL cert, also wildcard > cert work at top domain level. e.g. all your sites must have the same > *.domain.com, else you need more than 1 cert. > > With w2k3 SP1, you can sort of have host header work with SSL cert, but take > note again the catch here is that all sites must be in same top domain > *.domain.com > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> wrote > in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... > >I am trying to set up a virtual directory that uses SSL (at the moment it > > just contains index.htm). Once all the various settings are set I can > > navigate to this page from within my network (but external sites produce a > > page not found error) If I switch off ‘Require SSL’ I can navigate to > > the > > index page no problem (internal and external). I have tried various fixs > > to > > this probelm, but I think the issue could be to do with host headers ? > > > > We use host headers because we have a few sites hosted on our webserver. > > My > > question is do I really need a wildcard cert? I ask because (other than it > > being a pain/cost to sort out) we host OWA on this sever as well and it > > uses > > SSL and does not seam to have a wild card cert ?!?! > > > For starter, SSL cert bind to website level, you can't install cert on
virtual directory/file level, however you can control SSL requirement all the way from site to directories or even file level.... Now, I don't get you on -> I can't get SSL working on external sites. External site is your main site? http:// working but not https:// what do you get when you browse under https ? -- Show quoteHide quoteRegards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> wrote in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com... > At this stage I just want one virtual directory SSL 'ed. This directory > sits > under our main site. There are 3 other sites using host headers as well > and > no SSL (they are from different domains). > > The main site has the exchange virtual directories under it (which are > using > SSL already), However with the virtual directory I created I can't get SSL > working on external sites. Maybe I am on the wrong track with host headers > (as only the main site needs SSL ? and it is already working for exchange > ?) > > IIS is pretty frustrating, as a developer I just want a method of passing > secure data to and from remote clients. I am begining to think that I > should > just encrypt all the traffic in code.....probably easier than messing with > the many IIS settings... > > NOTE: As a developer I only have a light understanding of IIS, we are a > small org and cannot afford a specaist in this area. So it could be > somthing > simple I just need a pointer in the right direction.... > > ------------------------------------------------------------------------------------------------ > > "Bernard Cheah [MVP]" wrote: > >> Well, depending on your needs and number of sites you plan to SSL'ed. >> Wildcard cert is typicall more expensive then normal SSL cert, also >> wildcard >> cert work at top domain level. e.g. all your sites must have the same >> *.domain.com, else you need more than 1 cert. >> >> With w2k3 SP1, you can sort of have host header work with SSL cert, but >> take >> note again the catch here is that all sites must be in same top domain >> *.domain.com >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis-resources.com/ >> http://www.iiswebcastseries.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> >> wrote >> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... >> >I am trying to set up a virtual directory that uses SSL (at the moment >> >it >> > just contains index.htm). Once all the various settings are set I can >> > navigate to this page from within my network (but external sites >> > produce a >> > page not found error) If I switch off ‘Require SSL’ I can navigate >> > to >> > the >> > index page no problem (internal and external). I have tried various >> > fixs >> > to >> > this probelm, but I think the issue could be to do with host headers ? >> > >> > We use host headers because we have a few sites hosted on our >> > webserver. >> > My >> > question is do I really need a wildcard cert? I ask because (other than >> > it >> > being a pain/cost to sort out) we host OWA on this sever as well and it >> > uses >> > SSL and does not seam to have a wild card cert ?!?! >> >> >> "Bernard Cheah [MVP]" <qbern***@hotmail.com.discuss> wrote in message That sounds an awful lot like the network address translation in to the news:OZKvFdIVGHA.5332@TK2MSFTNGP10.phx.gbl... > For starter, SSL cert bind to website level, you can't install cert on > virtual directory/file level, however you can control SSL requirement all > the way from site to directories or even file level.... > > Now, I don't get you on -> I can't get SSL working on external sites. > > External site is your main site? http:// working but not https:// what do > you get when you browse under https ? > local network is wrong. Or that the IP on the cert is not bound to the IP that the router/firewall is translating in or something. Maybe if you posted all of the details of the DNS resolution and the IPs for the devices someone could point out the error. Likewise, check the port translation and the IPs. You might be sending port 80 (http) to some place else entirely, and port 443 (https) is the one that is actually translated correctly. > Now, I don't get you on -> I can't get SSL working on external sites. Answer:When I browse to the SSL enabled virtual directory from within my work network (ie from my development machine) by providing IE with the full URL to the resource I want to open, IE displays the page correctly. This URL starts off Https:// because SSL is enabled on the virtual directory. However when I go home (out side of my work net wetwork) and try this Https:// url on my home computer I get the posted error ('The resource cannot be found.'). If uncheck the SSL property on the virtual directory, I can view the page no problems form both locations. Note:By main site, I mean the first site setup and the one that gets the most traffic Show quoteHide quote "Bernard Cheah [MVP]" wrote: > For starter, SSL cert bind to website level, you can't install cert on > virtual directory/file level, however you can control SSL requirement all > the way from site to directories or even file level.... > > Now, I don't get you on -> I can't get SSL working on external sites. > > External site is your main site? http:// working but not https:// what do > you get when you browse under https ? > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> wrote > in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com... > > At this stage I just want one virtual directory SSL 'ed. This directory > > sits > > under our main site. There are 3 other sites using host headers as well > > and > > no SSL (they are from different domains). > > > > The main site has the exchange virtual directories under it (which are > > using > > SSL already), However with the virtual directory I created I can't get SSL > > working on external sites. Maybe I am on the wrong track with host headers > > (as only the main site needs SSL ? and it is already working for exchange > > ?) > > > > IIS is pretty frustrating, as a developer I just want a method of passing > > secure data to and from remote clients. I am begining to think that I > > should > > just encrypt all the traffic in code.....probably easier than messing with > > the many IIS settings... > > > > NOTE: As a developer I only have a light understanding of IIS, we are a > > small org and cannot afford a specaist in this area. So it could be > > somthing > > simple I just need a pointer in the right direction.... > > > > ------------------------------------------------------------------------------------------------ > > > > "Bernard Cheah [MVP]" wrote: > > > >> Well, depending on your needs and number of sites you plan to SSL'ed. > >> Wildcard cert is typicall more expensive then normal SSL cert, also > >> wildcard > >> cert work at top domain level. e.g. all your sites must have the same > >> *.domain.com, else you need more than 1 cert. > >> > >> With w2k3 SP1, you can sort of have host header work with SSL cert, but > >> take > >> note again the catch here is that all sites must be in same top domain > >> *.domain.com > >> > >> -- > >> Regards, > >> Bernard Cheah > >> http://www.iis-resources.com/ > >> http://www.iiswebcastseries.com/ > >> http://msmvps.com/blogs/bernard/ > >> > >> > >> "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> > >> wrote > >> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... > >> >I am trying to set up a virtual directory that uses SSL (at the moment > >> >it > >> > just contains index.htm). Once all the various settings are set I can > >> > navigate to this page from within my network (but external sites > >> > produce a > >> > page not found error) If I switch off ‘Require SSL’ I can navigate > >> > to > >> > the > >> > index page no problem (internal and external). I have tried various > >> > fixs > >> > to > >> > this probelm, but I think the issue could be to do with host headers ? > >> > > >> > We use host headers because we have a few sites hosted on our > >> > webserver. > >> > My > >> > question is do I really need a wildcard cert? I ask because (other than > >> > it > >> > being a pain/cost to sort out) we host OWA on this sever as well and it > >> > uses > >> > SSL and does not seam to have a wild card cert ?!?! > >> > >> > >> > > > In this case, this is more related to network question as internally the
https site is working fine. check: - if you can ping the server from remote side - check if the firewall allow port 443 traffic (https) to your server browsing the site http:// no problem? -- Show quoteHide quoteRegards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> wrote in message news:47EA11A2-2CF6-4EF9-BAB5-C09F51D0CF2E@microsoft.com... >> Now, I don't get you on -> I can't get SSL working on external sites. > > Answer: > When I browse to the SSL enabled virtual directory from within my work > network (ie from my development machine) by providing IE with the full URL > to > the resource I want to open, IE displays the page correctly. This URL > starts > off Https:// because SSL is enabled on the virtual directory. However when > I > go home (out side of my work net wetwork) and try this Https:// url on my > home computer I get the posted error ('The resource cannot be found.'). If > uncheck the SSL property on the virtual directory, I can view the page no > problems form both locations. > > Note:By main site, I mean the first site setup and the one that gets the > most traffic > > "Bernard Cheah [MVP]" wrote: > >> For starter, SSL cert bind to website level, you can't install cert on >> virtual directory/file level, however you can control SSL requirement all >> the way from site to directories or even file level.... >> >> Now, I don't get you on -> I can't get SSL working on external sites. >> >> External site is your main site? http:// working but not https:// what >> do >> you get when you browse under https ? >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis-resources.com/ >> http://www.iiswebcastseries.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> >> wrote >> in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com... >> > At this stage I just want one virtual directory SSL 'ed. This directory >> > sits >> > under our main site. There are 3 other sites using host headers as well >> > and >> > no SSL (they are from different domains). >> > >> > The main site has the exchange virtual directories under it (which are >> > using >> > SSL already), However with the virtual directory I created I can't get >> > SSL >> > working on external sites. Maybe I am on the wrong track with host >> > headers >> > (as only the main site needs SSL ? and it is already working for >> > exchange >> > ?) >> > >> > IIS is pretty frustrating, as a developer I just want a method of >> > passing >> > secure data to and from remote clients. I am begining to think that I >> > should >> > just encrypt all the traffic in code.....probably easier than messing >> > with >> > the many IIS settings... >> > >> > NOTE: As a developer I only have a light understanding of IIS, we are a >> > small org and cannot afford a specaist in this area. So it could be >> > somthing >> > simple I just need a pointer in the right direction.... >> > >> > ------------------------------------------------------------------------------------------------ >> > >> > "Bernard Cheah [MVP]" wrote: >> > >> >> Well, depending on your needs and number of sites you plan to SSL'ed. >> >> Wildcard cert is typicall more expensive then normal SSL cert, also >> >> wildcard >> >> cert work at top domain level. e.g. all your sites must have the same >> >> *.domain.com, else you need more than 1 cert. >> >> >> >> With w2k3 SP1, you can sort of have host header work with SSL cert, >> >> but >> >> take >> >> note again the catch here is that all sites must be in same top domain >> >> *.domain.com >> >> >> >> -- >> >> Regards, >> >> Bernard Cheah >> >> http://www.iis-resources.com/ >> >> http://www.iiswebcastseries.com/ >> >> http://msmvps.com/blogs/bernard/ >> >> >> >> >> >> "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> >> >> wrote >> >> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... >> >> >I am trying to set up a virtual directory that uses SSL (at the >> >> >moment >> >> >it >> >> > just contains index.htm). Once all the various settings are set I >> >> > can >> >> > navigate to this page from within my network (but external sites >> >> > produce a >> >> > page not found error) If I switch off ‘Require SSL’ I can >> >> > navigate >> >> > to >> >> > the >> >> > index page no problem (internal and external). I have tried various >> >> > fixs >> >> > to >> >> > this probelm, but I think the issue could be to do with host headers >> >> > ? >> >> > >> >> > We use host headers because we have a few sites hosted on our >> >> > webserver. >> >> > My >> >> > question is do I really need a wildcard cert? I ask because (other >> >> > than >> >> > it >> >> > being a pain/cost to sort out) we host OWA on this sever as well and >> >> > it >> >> > uses >> >> > SSL and does not seam to have a wild card cert ?!?! >> >> >> >> >> >> >> >> >> Looks like you and Funkadyleik are correct it is a network issue, recently we
had problems with our OWA so a contractor was cllaed in to fix it. He set up OWA on another machine and redirected port 443 traffic to this new box (via the router/netscreen/firewall thingys) So that explains the behaviour I experienced; my traffic (from outside the network that goes through the router) was being diverted to a machine with none of my pages on it. Hence page not found errors I guess..... Phew.. I am glad I am not going mad. Now I know what the issue is I can work towards fixing it (probably get another IP address I guess). Thanks to both of you for taking the time to answer my questions. I would never have found the problem otherwise. Show quoteHide quote "Bernard Cheah [MVP]" wrote: > In this case, this is more related to network question as internally the > https site is working fine. > check: > - if you can ping the server from remote side > - check if the firewall allow port 443 traffic (https) to your server > > browsing the site http:// no problem? > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> wrote > in message news:47EA11A2-2CF6-4EF9-BAB5-C09F51D0CF2E@microsoft.com... > >> Now, I don't get you on -> I can't get SSL working on external sites. > > > > Answer: > > When I browse to the SSL enabled virtual directory from within my work > > network (ie from my development machine) by providing IE with the full URL > > to > > the resource I want to open, IE displays the page correctly. This URL > > starts > > off Https:// because SSL is enabled on the virtual directory. However when > > I > > go home (out side of my work net wetwork) and try this Https:// url on my > > home computer I get the posted error ('The resource cannot be found.'). If > > uncheck the SSL property on the virtual directory, I can view the page no > > problems form both locations. > > > > Note:By main site, I mean the first site setup and the one that gets the > > most traffic > > > > "Bernard Cheah [MVP]" wrote: > > > >> For starter, SSL cert bind to website level, you can't install cert on > >> virtual directory/file level, however you can control SSL requirement all > >> the way from site to directories or even file level.... > >> > >> Now, I don't get you on -> I can't get SSL working on external sites. > >> > >> External site is your main site? http:// working but not https:// what > >> do > >> you get when you browse under https ? > >> > >> -- > >> Regards, > >> Bernard Cheah > >> http://www.iis-resources.com/ > >> http://www.iiswebcastseries.com/ > >> http://msmvps.com/blogs/bernard/ > >> > >> > >> "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> > >> wrote > >> in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com... > >> > At this stage I just want one virtual directory SSL 'ed. This directory > >> > sits > >> > under our main site. There are 3 other sites using host headers as well > >> > and > >> > no SSL (they are from different domains). > >> > > >> > The main site has the exchange virtual directories under it (which are > >> > using > >> > SSL already), However with the virtual directory I created I can't get > >> > SSL > >> > working on external sites. Maybe I am on the wrong track with host > >> > headers > >> > (as only the main site needs SSL ? and it is already working for > >> > exchange > >> > ?) > >> > > >> > IIS is pretty frustrating, as a developer I just want a method of > >> > passing > >> > secure data to and from remote clients. I am begining to think that I > >> > should > >> > just encrypt all the traffic in code.....probably easier than messing > >> > with > >> > the many IIS settings... > >> > > >> > NOTE: As a developer I only have a light understanding of IIS, we are a > >> > small org and cannot afford a specaist in this area. So it could be > >> > somthing > >> > simple I just need a pointer in the right direction.... > >> > > >> > ------------------------------------------------------------------------------------------------ > >> > > >> > "Bernard Cheah [MVP]" wrote: > >> > > >> >> Well, depending on your needs and number of sites you plan to SSL'ed. > >> >> Wildcard cert is typicall more expensive then normal SSL cert, also > >> >> wildcard > >> >> cert work at top domain level. e.g. all your sites must have the same > >> >> *.domain.com, else you need more than 1 cert. > >> >> > >> >> With w2k3 SP1, you can sort of have host header work with SSL cert, > >> >> but > >> >> take > >> >> note again the catch here is that all sites must be in same top domain > >> >> *.domain.com > >> >> > >> >> -- > >> >> Regards, > >> >> Bernard Cheah > >> >> http://www.iis-resources.com/ > >> >> http://www.iiswebcastseries.com/ > >> >> http://msmvps.com/blogs/bernard/ > >> >> > >> >> > >> >> "Mike_IntermediateVB" <MikeIntermediat***@discussions.microsoft.com> > >> >> wrote > >> >> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... > >> >> >I am trying to set up a virtual directory that uses SSL (at the > >> >> >moment > >> >> >it > >> >> > just contains index.htm). Once all the various settings are set I > >> >> > can > >> >> > navigate to this page from within my network (but external sites > >> >> > produce a > >> >> > page not found error) If I switch off ‘Require SSL’ I can > >> >> > navigate > >> >> > to > >> >> > the > >> >> > index page no problem (internal and external). I have tried various > >> >> > fixs > >> >> > to > >> >> > this probelm, but I think the issue could be to do with host headers > >> >> > ? > >> >> > > >> >> > We use host headers because we have a few sites hosted on our > >> >> > webserver. > >> >> > My > >> >> > question is do I really need a wildcard cert? I ask because (other > >> >> > than > >> >> > it > >> >> > being a pain/cost to sort out) we host OWA on this sever as well and > >> >> > it > >> >> > uses > >> >> > SSL and does not seam to have a wild card cert ?!?! > >> >> > >> >> > >> >> > >> > >> > >> > > > 
Other interesting topics
Restricting IIS from serving static content
Anonymous Account not working IIS 5 allows anonymous editing via Frontpage IIS6 'forgets' "Connect As" password for Virtual Directory Passing form credentials to windows security 403 (Forbidden) after setting up SSL Redirect IIS and enterpise sub CA on different machines run cgi in localhost without SSL? BIN Directory being hidden automatically Single authentication for multiple IIS 6 servers |
|||||||||||||||||||||||
