| Groups | Blog | Home |
iis security : Do I really need a wild card certificate ?
just contains index.htm). Once all the various settings are set I can navigate to this page from within my network (but external sites produce a page not found error) If I switch off ‘Require SSL’ I can navigate to the index page no problem (internal and external). I have tried various fixs to this probelm, but I think the issue could be to do with host headers ? We use host headers because we have a few sites hosted on our webserver. My question is do I really need a wildcard cert? I ask because (other than it being a pain/cost to sort out) we host OWA on this sever as well and it uses
At this stage I just want one virtual directory SSL 'ed. This directory sits
under our main site. There are 3 other sites using host headers as well and no SSL (they are from different domains). The main site has the exchange virtual directories under it (which are using SSL already), However with the virtual directory I created I can't get SSL working on external sites. Maybe I am on the wrong track with host headers (as only the main site needs SSL ? and it is already working for exchange ?) IIS is pretty frustrating, as a developer I just want a method of passing secure data to and from remote clients. I am begining to think that I should just encrypt all the traffic in code.....probably easier than messing with the many IIS settings... NOTE: As a developer I only have a light understanding of IIS, we are a small org and cannot afford a specaist in this area. So it could be somthing simple I just need a pointer in the right direction.... ------------------------------------------------------------------------------------------------ [quoted text, click to view] "Bernard Cheah [MVP]" wrote:
> Well, depending on your needs and number of sites you plan to SSL'ed. > Wildcard cert is typicall more expensive then normal SSL cert, also wildcard > cert work at top domain level. e.g. all your sites must have the same > *.domain.com, else you need more than 1 cert. > > With w2k3 SP1, you can sort of have host header work with SSL cert, but take > note again the catch here is that all sites must be in same top domain > *.domain.com > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote > in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... > >I am trying to set up a virtual directory that uses SSL (at the moment it > > just contains index.htm). Once all the various settings are set I can > > navigate to this page from within my network (but external sites produce a > > page not found error) If I switch off ‘Require SSL’ I can navigate to > > the > > index page no problem (internal and external). I have tried various fixs > > to > > this probelm, but I think the issue could be to do with host headers ? > > > > We use host headers because we have a few sites hosted on our webserver. > > My > > question is do I really need a wildcard cert? I ask because (other than it > > being a pain/cost to sort out) we host OWA on this sever as well and it > > uses > > SSL and does not seam to have a wild card cert ?!?! > >
For starter, SSL cert bind to website level, you can't install cert on
virtual directory/file level, however you can control SSL requirement all the way from site to directories or even file level.... Now, I don't get you on -> I can't get SSL working on external sites. External site is your main site? http:// working but not https:// what do you get when you browse under https ? -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com... > At this stage I just want one virtual directory SSL 'ed. This directory > sits > under our main site. There are 3 other sites using host headers as well > and > no SSL (they are from different domains). > > The main site has the exchange virtual directories under it (which are > using > SSL already), However with the virtual directory I created I can't get SSL > working on external sites. Maybe I am on the wrong track with host headers > (as only the main site needs SSL ? and it is already working for exchange > ?) > > IIS is pretty frustrating, as a developer I just want a method of passing > secure data to and from remote clients. I am begining to think that I > should > just encrypt all the traffic in code.....probably easier than messing with > the many IIS settings... > > NOTE: As a developer I only have a light understanding of IIS, we are a > small org and cannot afford a specaist in this area. So it could be > somthing > simple I just need a pointer in the right direction.... > > ------------------------------------------------------------------------------------------------ > > "Bernard Cheah [MVP]" wrote: > >> Well, depending on your needs and number of sites you plan to SSL'ed. >> Wildcard cert is typicall more expensive then normal SSL cert, also >> wildcard >> cert work at top domain level. e.g. all your sites must have the same >> *.domain.com, else you need more than 1 cert. >> >> With w2k3 SP1, you can sort of have host header work with SSL cert, but >> take >> note again the catch here is that all sites must be in same top domain >> *.domain.com >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis-resources.com/ >> http://www.iiswebcastseries.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> >> wrote >> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... >> >I am trying to set up a virtual directory that uses SSL (at the moment >> >it >> > just contains index.htm). Once all the various settings are set I can >> > navigate to this page from within my network (but external sites >> > produce a >> > page not found error) If I switch off ‘Require SSL’ I can navigate >> > to >> > the >> > index page no problem (internal and external). I have tried various >> > fixs >> > to >> > this probelm, but I think the issue could be to do with host headers ? >> > >> > We use host headers because we have a few sites hosted on our >> > webserver. >> > My >> > question is do I really need a wildcard cert? I ask because (other than >> > it >> > being a pain/cost to sort out) we host OWA on this sever as well and it >> > uses >> > SSL and does not seam to have a wild card cert ?!?! >> >> >>
Well, depending on your needs and number of sites you plan to SSL'ed.
Wildcard cert is typicall more expensive then normal SSL cert, also wildcard cert work at top domain level. e.g. all your sites must have the same *.domain.com, else you need more than 1 cert. With w2k3 SP1, you can sort of have host header work with SSL cert, but take note again the catch here is that all sites must be in same top domain *.domain.com -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... >I am trying to set up a virtual directory that uses SSL (at the moment it > just contains index.htm). Once all the various settings are set I can > navigate to this page from within my network (but external sites produce a > page not found error) If I switch off ‘Require SSL’ I can navigate to > the > index page no problem (internal and external). I have tried various fixs > to > this probelm, but I think the issue could be to do with host headers ? > > We use host headers because we have a few sites hosted on our webserver. > My > question is do I really need a wildcard cert? I ask because (other than it > being a pain/cost to sort out) we host OWA on this sever as well and it > uses > SSL and does not seam to have a wild card cert ?!?!
[quoted text, click to view] "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message news:OZKvFdIVGHA.5332@TK2MSFTNGP10.phx.gbl... > For starter, SSL cert bind to website level, you can't install cert on > virtual directory/file level, however you can control SSL requirement all > the way from site to directories or even file level.... > > Now, I don't get you on -> I can't get SSL working on external sites. > > External site is your main site? http:// working but not https:// what do > you get when you browse under https ? > That sounds an awful lot like the network address translation in to the local network is wrong. Or that the IP on the cert is not bound to the IP that the router/firewall is translating in or something. Maybe if you posted all of the details of the DNS resolution and the IPs for the devices someone could point out the error. Likewise, check the port translation and the IPs. You might be sending port 80 (http) to some place else entirely, and port 443 (https) is the one that is actually translated correctly.
[quoted text, click to view]
> Now, I don't get you on -> I can't get SSL working on external sites. Answer: When I browse to the SSL enabled virtual directory from within my work network (ie from my development machine) by providing IE with the full URL to the resource I want to open, IE displays the page correctly. This URL starts off Https:// because SSL is enabled on the virtual directory. However when I go home (out side of my work net wetwork) and try this Https:// url on my home computer I get the posted error ('The resource cannot be found.'). If uncheck the SSL property on the virtual directory, I can view the page no problems form both locations. Note:By main site, I mean the first site setup and the one that gets the most traffic [quoted text, click to view] "Bernard Cheah [MVP]" wrote:
> For starter, SSL cert bind to website level, you can't install cert on > virtual directory/file level, however you can control SSL requirement all > the way from site to directories or even file level.... > > Now, I don't get you on -> I can't get SSL working on external sites. > > External site is your main site? http:// working but not https:// what do > you get when you browse under https ? > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote > in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com... > > At this stage I just want one virtual directory SSL 'ed. This directory > > sits > > under our main site. There are 3 other sites using host headers as well > > and > > no SSL (they are from different domains). > > > > The main site has the exchange virtual directories under it (which are > > using > > SSL already), However with the virtual directory I created I can't get SSL > > working on external sites. Maybe I am on the wrong track with host headers > > (as only the main site needs SSL ? and it is already working for exchange > > ?) > > > > IIS is pretty frustrating, as a developer I just want a method of passing > > secure data to and from remote clients. I am begining to think that I > > should > > just encrypt all the traffic in code.....probably easier than messing with > > the many IIS settings... > > > > NOTE: As a developer I only have a light understanding of IIS, we are a > > small org and cannot afford a specaist in this area. So it could be > > somthing > > simple I just need a pointer in the right direction.... > > > > ------------------------------------------------------------------------------------------------ > > > > "Bernard Cheah [MVP]" wrote: > > > >> Well, depending on your needs and number of sites you plan to SSL'ed. > >> Wildcard cert is typicall more expensive then normal SSL cert, also > >> wildcard > >> cert work at top domain level. e.g. all your sites must have the same > >> *.domain.com, else you need more than 1 cert. > >> > >> With w2k3 SP1, you can sort of have host header work with SSL cert, but > >> take > >> note again the catch here is that all sites must be in same top domain > >> *.domain.com > >> > >> -- > >> Regards, > >> Bernard Cheah > >> http://www.iis-resources.com/ > >> http://www.iiswebcastseries.com/ > >> http://msmvps.com/blogs/bernard/ > >> > >> > >> "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> > >> wrote > >> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... > >> >I am trying to set up a virtual directory that uses SSL (at the moment > >> >it > >> > just contains index.htm). Once all the various settings are set I can > >> > navigate to this page from within my network (but external sites > >> > produce a > >> > page not found error) If I switch off ‘Require SSL’ I can navigate > >> > to > >> > the > >> > index page no problem (internal and external). I have tried various > >> > fixs > >> > to > >> > this probelm, but I think the issue could be to do with host headers ? > >> > > >> > We use host headers because we have a few sites hosted on our > >> > webserver. > >> > My > >> > question is do I really need a wildcard cert? I ask because (other than > >> > it > >> > being a pain/cost to sort out) we host OWA on this sever as well and it > >> > uses > >> > SSL and does not seam to have a wild card cert ?!?! > >> > >> > >> > >
In this case, this is more related to network question as internally the
https site is working fine. check: - if you can ping the server from remote side - check if the firewall allow port 443 traffic (https) to your server browsing the site http:// no problem? -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote in message news:47EA11A2-2CF6-4EF9-BAB5-C09F51D0CF2E@microsoft.com... >> Now, I don't get you on -> I can't get SSL working on external sites. > > Answer: > When I browse to the SSL enabled virtual directory from within my work > network (ie from my development machine) by providing IE with the full URL > to > the resource I want to open, IE displays the page correctly. This URL > starts > off Https:// because SSL is enabled on the virtual directory. However when > I > go home (out side of my work net wetwork) and try this Https:// url on my > home computer I get the posted error ('The resource cannot be found.'). If > uncheck the SSL property on the virtual directory, I can view the page no > problems form both locations. > > Note:By main site, I mean the first site setup and the one that gets the > most traffic > > "Bernard Cheah [MVP]" wrote: > >> For starter, SSL cert bind to website level, you can't install cert on >> virtual directory/file level, however you can control SSL requirement all >> the way from site to directories or even file level.... >> >> Now, I don't get you on -> I can't get SSL working on external sites. >> >> External site is your main site? http:// working but not https:// what >> do >> you get when you browse under https ? >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis-resources.com/ >> http://www.iiswebcastseries.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> >> wrote >> in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com... >> > At this stage I just want one virtual directory SSL 'ed. This directory >> > sits >> > under our main site. There are 3 other sites using host headers as well >> > and >> > no SSL (they are from different domains). >> > >> > The main site has the exchange virtual directories under it (which are >> > using >> > SSL already), However with the virtual directory I created I can't get >> > SSL >> > working on external sites. Maybe I am on the wrong track with host >> > headers >> > (as only the main site needs SSL ? and it is already working for >> > exchange >> > ?) >> > >> > IIS is pretty frustrating, as a developer I just want a method of >> > passing >> > secure data to and from remote clients. I am begining to think that I >> > should >> > just encrypt all the traffic in code.....probably easier than messing >> > with >> > the many IIS settings... >> > >> > NOTE: As a developer I only have a light understanding of IIS, we are a >> > small org and cannot afford a specaist in this area. So it could be >> > somthing >> > simple I just need a pointer in the right direction.... >> > >> > ------------------------------------------------------------------------------------------------ >> > >> > "Bernard Cheah [MVP]" wrote: >> > >> >> Well, depending on your needs and number of sites you plan to SSL'ed. >> >> Wildcard cert is typicall more expensive then normal SSL cert, also >> >> wildcard >> >> cert work at top domain level. e.g. all your sites must have the same >> >> *.domain.com, else you need more than 1 cert. >> >> >> >> With w2k3 SP1, you can sort of have host header work with SSL cert, >> >> but >> >> take >> >> note again the catch here is that all sites must be in same top domain >> >> *.domain.com >> >> >> >> -- >> >> Regards, >> >> Bernard Cheah >> >> http://www.iis-resources.com/ >> >> http://www.iiswebcastseries.com/ >> >> http://msmvps.com/blogs/bernard/ >> >> >> >> >> >> "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> >> >> wrote >> >> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... >> >> >I am trying to set up a virtual directory that uses SSL (at the >> >> >moment >> >> >it >> >> > just contains index.htm). Once all the various settings are set I >> >> > can >> >> > navigate to this page from within my network (but external sites >> >> > produce a >> >> > page not found error) If I switch off ‘Require SSL’ I can >> >> > navigate >> >> > to >> >> > the >> >> > index page no problem (internal and external). I have tried various >> >> > fixs >> >> > to >> >> > this probelm, but I think the issue could be to do with host headers >> >> > ? >> >> > >> >> > We use host headers because we have a few sites hosted on our >> >> > webserver. >> >> > My >> >> > question is do I really need a wildcard cert? I ask because (other >> >> > than >> >> > it >> >> > being a pain/cost to sort out) we host OWA on this sever as well and >> >> > it >> >> > uses >> >> > SSL and does not seam to have a wild card cert ?!?! >> >> >> >> >> >> >> >> >>
Looks like you and Funkadyleik are correct it is a network issue, recently we
had problems with our OWA so a contractor was cllaed in to fix it. He set up OWA on another machine and redirected port 443 traffic to this new box (via the router/netscreen/firewall thingys) So that explains the behaviour I experienced; my traffic (from outside the network that goes through the router) was being diverted to a machine with none of my pages on it. Hence page not found errors I guess..... Phew.. I am glad I am not going mad. Now I know what the issue is I can work towards fixing it (probably get another IP address I guess). Thanks to both of you for taking the time to answer my questions. I would never have found the problem otherwise. [quoted text, click to view] "Bernard Cheah [MVP]" wrote:
> In this case, this is more related to network question as internally the > https site is working fine. > check: > - if you can ping the server from remote side > - check if the firewall allow port 443 traffic (https) to your server > > browsing the site http:// no problem? > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> wrote > in message news:47EA11A2-2CF6-4EF9-BAB5-C09F51D0CF2E@microsoft.com... > >> Now, I don't get you on -> I can't get SSL working on external sites. > > > > Answer: > > When I browse to the SSL enabled virtual directory from within my work > > network (ie from my development machine) by providing IE with the full URL > > to > > the resource I want to open, IE displays the page correctly. This URL > > starts > > off Https:// because SSL is enabled on the virtual directory. However when > > I > > go home (out side of my work net wetwork) and try this Https:// url on my > > home computer I get the posted error ('The resource cannot be found.'). If > > uncheck the SSL property on the virtual directory, I can view the page no > > problems form both locations. > > > > Note:By main site, I mean the first site setup and the one that gets the > > most traffic > > > > "Bernard Cheah [MVP]" wrote: > > > >> For starter, SSL cert bind to website level, you can't install cert on > >> virtual directory/file level, however you can control SSL requirement all > >> the way from site to directories or even file level.... > >> > >> Now, I don't get you on -> I can't get SSL working on external sites. > >> > >> External site is your main site? http:// working but not https:// what > >> do > >> you get when you browse under https ? > >> > >> -- > >> Regards, > >> Bernard Cheah > >> http://www.iis-resources.com/ > >> http://www.iiswebcastseries.com/ > >> http://msmvps.com/blogs/bernard/ > >> > >> > >> "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> > >> wrote > >> in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com... > >> > At this stage I just want one virtual directory SSL 'ed. This directory > >> > sits > >> > under our main site. There are 3 other sites using host headers as well > >> > and > >> > no SSL (they are from different domains). > >> > > >> > The main site has the exchange virtual directories under it (which are > >> > using > >> > SSL already), However with the virtual directory I created I can't get > >> > SSL > >> > working on external sites. Maybe I am on the wrong track with host > >> > headers > >> > (as only the main site needs SSL ? and it is already working for > >> > exchange > >> > ?) > >> > > >> > IIS is pretty frustrating, as a developer I just want a method of > >> > passing > >> > secure data to and from remote clients. I am begining to think that I > >> > should > >> > just encrypt all the traffic in code.....probably easier than messing > >> > with > >> > the many IIS settings... > >> > > >> > NOTE: As a developer I only have a light understanding of IIS, we are a > >> > small org and cannot afford a specaist in this area. So it could be > >> > somthing > >> > simple I just need a pointer in the right direction.... > >> > > >> > ------------------------------------------------------------------------------------------------ > >> > > >> > "Bernard Cheah [MVP]" wrote: > >> > > >> >> Well, depending on your needs and number of sites you plan to SSL'ed. > >> >> Wildcard cert is typicall more expensive then normal SSL cert, also > >> >> wildcard > >> >> cert work at top domain level. e.g. all your sites must have the same > >> >> *.domain.com, else you need more than 1 cert. > >> >> > >> >> With w2k3 SP1, you can sort of have host header work with SSL cert, > >> >> but > >> >> take > >> >> note again the catch here is that all sites must be in same top domain > >> >> *.domain.com > >> >> > >> >> -- > >> >> Regards, > >> >> Bernard Cheah > >> >> http://www.iis-resources.com/ > >> >> http://www.iiswebcastseries.com/ > >> >> http://msmvps.com/blogs/bernard/ > >> >> > >> >> > >> >> "Mike_IntermediateVB" <MikeIntermediateVB@discussions.microsoft.com> > >> >> wrote > >> >> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com... > >> >> >I am trying to set up a virtual directory that uses SSL (at the > >> >> >moment > >> >> >it > >> >> > just contains index.htm). Once all the various settings are set I > >> >> > can > >> >> > navigate to this page from within my network (but external sites > >> >> > produce a > >> >> > page not found error) If I switch off ‘Require SSL’ I can > >> >> > navigate > >> >> > to > >> >> > the > >> >> > index page no problem (internal and external). I have tried various > >> >> > fixs > >> >> > to > >> >> > this probelm, but I think the issue could be to do with host headers > >> >> > ? > >> >> > > >> >> > We use host headers because we have a few sites hosted on our > >> >> > webserver. > >> >> > My > >> >> > question is do I really need a wildcard cert? I ask because (other > >> >> > than > >> >> > it > >> >> > being a pain/cost to sort out) we host OWA on this sever as well and > >> >> > it > >> >> > uses > >> >> > SSL and does not seam to have a wild card cert ?!?! > >> >> > >> >> > >> >> > >> > >> > >> > >
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |