> For some reason IIS is attempting to direct all https
> traffic to cust1 site regardless of the host name... it should
> just say "no web site is configured blah".
The behavior is by-design, and there is no way to resolve it. SSL websites
cannot use Host header. This is a limitation in SSL, not IIS.
Here is the problem -- Host header is a property of the HTTP request (it is
a request header) and NOT TCP connection, meaning the client transmits this
ENCRYPTED to the server. Now, as a part of the SSL handshake, the server is
supposed to send a server certificate associated with the named website
prior to decrypting this request. BUT, the Host header, which determines
the website and hence server certificate, is encrypted in the very thing
that is being decrypted. Catch-22 situation. Game over.
Thus, SSL can only be assigned by IP:Port. In your case, since all websites
use Host headers as the only distinguishing factor, only ONE website can
ever have SSL. Every HTTPS request will go to this one website, regardless
of Host header, because SSL is identified by ONLY IP:Port.
This is also why you get a "cert is not valid" popup. The web browser made a
request to cust2 but got an SSL certificate from cust1.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jeffery Anti" <iiisystems@yahoo.com> wrote in message
news:93a6158e.0411241154.6b1c841@posting.google.com...
I have an IIS 5.0 server hosting multiple sites that point to the same
code base. The host is the only part of the FQDN that changes per
customer. The domain for all the sites will always be samedomain.com.
All the sites resolve to the same IP so I use Host Header Name in IIS
to direct traffic. I know this isn't the best way, but it's what I
inherited and I have to make do for now.
"cust1" requires SSL, and "cust2" does not.
Example:
Site in IIS:
cust1.samedomain.com
(SSL ON)
home directory is /inetpub/mastersite
Site in IIS:
cust2.samedomain.com
(SSL OFF)
home directory is /inetpub/mastersite
Hitting httpS://cust1.samedomain.com works properly
Hitting http://cust2.samedomain.com works properly
Now here's the problem:
Hitting httpS://cust2.samedomain.com results in the end user being
presented w/a Certificate acceptance claiming the cert is not valid
for this site. There is NO cert setup for this site, only cust1 site
has a cert installed. For some reason IIS is attempting to direct all
https traffic to cust1 site regardless of the host name... it should
just say "no web site is configured blah".
How do I resolve this?
BTW: In IIS/Web Site/Web Site Identification/Advanced/
cust1.samedomain.com:80 is the only entry for the site
cust1.samedomain.com, and 443 is the only listing in "Multiple SSL
Identities"
Thanks all.
-Jeff
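
The binding behaviour described in the reply above, as an added Python sketch that is not part of the original thread and is not IIS code: it audits a list of sites and reports, for each host name, whose certificate an HTTPS client would receive when the certificate is chosen by IP:Port alone. `Site`, `cert_matches`, `audit_https` and the 192.0.2.10 address are hypothetical names and constructed values; the name check also covers the single-label wildcard form, which goes beyond the case in the thread.

```python
from dataclasses import dataclass, field


@dataclass
class Site:
    host: str                                       # Host header name of the site
    ip: str
    cert_names: list = field(default_factory=list)  # empty list = SSL off


def cert_matches(cert_name, host):
    """Browser-style name check: exact match, or '*.' covering exactly one label."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host


def audit_https(sites):
    """Map each host name to (status, host of the site whose certificate is served)."""
    # The certificate is picked per IP:443 before any HTTP header can be read,
    # so the first SSL-enabled site on an IP answers for every host name on it.
    owners = {}
    for s in sites:
        if s.cert_names:
            owners.setdefault(s.ip, s)
    report = {}
    for s in sites:
        owner = owners.get(s.ip)
        if owner is None:
            report[s.host] = ("no-listener", None)      # nothing bound to IP:443
        elif any(cert_matches(n, s.host) for n in owner.cert_names):
            report[s.host] = ("ok", owner.host)
        else:
            report[s.host] = ("mismatch", owner.host)   # the "cert is not valid" popup
    return report


# Constructed sample mirroring the thread (192.0.2.x is a documentation range).
SITES = [
    Site("cust1.samedomain.com", "192.0.2.10", ["cust1.samedomain.com"]),
    Site("cust2.samedomain.com", "192.0.2.10"),
]

if __name__ == "__main__":
    for host, (status, owner) in audit_https(SITES).items():
        print(f"https://{host}: {status} (certificate from {owner})")
```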