
iis security : Multiple Websites on Multiple IP addresses with certificates [SSL]


Jennifer
4/26/2006 4:33:01 PM
We are running win 2K and IIS.

We have 2 websites configured, each running on different IP addresses. There
are subdomains pointing to each of the IP addresses.

We turned on SSL and have 2 different certificates for each site (running on
2 different IP addresses). Everything seems to be working fine, unless you
view the certificate.

The certificate running on the first site is correct. The certificate that
should be on the second site is actually the cert for the first site. We
can't seem to get the second certificate to be served for the second site.
Jennifer
4/27/2006 3:43:02 PM
From what you are saying, even though these are two websites, running on two
different IP addresses, there is still only one SSL certificate per IIS
instance?

I read this:
http://www.microsoft.com/technet/community/columns/insider/iisi0604.mspx

And that does not seem to be the case. I have created two different
websites, with 2 different IP addresses. According to the article above,
that should work, but it doesn't.

Jennifer
4/27/2006 3:51:02 PM
Could the problem be that I am running both SSL certificates on the same port
for both websites?

Should I have the sites configured like this?

IP address 1 port 443
IP address 2 port 444



Marcelo Villalón
4/27/2006 6:00:33 PM
By design Windows only accepts one certificate working on IIS. But there is
the chance to use a wild-card certificate (*.yourdomain.com).

Hope this helps


Jennifer
4/28/2006 1:48:02 PM
Should it make a difference that even though these are on different IP
addresses, they are still subdomains:

product1.sfwater.org
product2.sfwater.org

As opposed to different domains altogether (as in the above example)

BTW, Thanks for all the great help!

Daniel Crichton
4/28/2006 4:31:49 PM
That's not true. It's one SSL certificate per IP address. I have 3 SSL certs
running on my server with 3 different IPs.

Dan

Marcelo wrote on Thu, 27 Apr 2006 18:00:33 -0400:

Daniel Crichton
4/28/2006 4:33:53 PM
That should make no difference - I have 3 certs on 3 IPs on my own server
here on Windows 2003:

https://www.compman.co.uk

https://www.bookfellas.co.uk

https://www.sprintbooks.co.uk

As you can see, each has its own certificate.

Have you checked that the DNS for the second site is returning the correct
IP address? It sounds like it's not, and so you're connecting to the SSL
port on the 1st site and so getting its certificate, and then being shown
pages from the 2nd site due to the Host: header mapping once the SSL
connection has been negotiated.

Dan

Jennifer wrote on Thu, 27 Apr 2006 15:51:02 -0700:


Daniel Crichton
5/2/2006 12:00:00 AM
Jennifer wrote on Fri, 28 Apr 2006 13:48:02 -0700:


In that case, can you check with a different browser? I've had issues with
IE6 caching SSL information in the past, but only when using a different
port on the same hostname; IE would display the cert details for
whichever connection was made first. E.g. with SSL on port 443 running IIS and
RemotelyAnywhere running SSL on port 2001, if I connected IE to RA and then,
without closing IE, connected to https on IIS, I'd see the information for
the RA certificate in the SSL properties.

Different hostnames with the same domain shouldn't make a difference
compared to my current setup of 3 certs for completely different hostnames.
It might be something messed up in your metabase that is causing one of the
certs to be bound to all sites instead of just the one it should be. Have
you tried removing both certs and reattaching?

Dan
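
The two checks Dan suggests in his replies (does DNS for the second name return the intended IP, and is one certificate bound to more than one site), as an added Python example that is not part of the thread. The IPs and fingerprints in the sample tables are constructed, and `fetch_fingerprint`, `diagnose` and `demo` are names chosen here.

```python
import hashlib
import socket
import ssl

def fetch_fingerprint(ip, port=443, timeout=5.0):
    """SHA-256 of the leaf certificate served at ip:port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # inspection only: we want whatever cert
    ctx.verify_mode = ssl.CERT_NONE  # is bound there, even a mismatched one
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()

def diagnose(sites, resolve=socket.gethostbyname, fetch=fetch_fingerprint):
    """sites maps hostname -> (intended IP, expected cert fingerprint)."""
    findings, served = [], {}
    for host, (ip, expected) in sorted(sites.items()):
        resolved = resolve(host)
        if resolved != ip:  # Dan's DNS hypothesis
            findings.append(f"{host}: DNS returns {resolved}, site is bound to {ip}")
        if ip not in served:
            served[ip] = fetch(ip)
        if served[ip] != expected:
            findings.append(f"{host}: {ip} serves {served[ip][:12]}, expected {expected[:12]}")
    by_fp = {}
    for ip, fp in served.items():
        by_fp.setdefault(fp, []).append(ip)
    for fp, ips in sorted(by_fp.items()):
        if len(ips) > 1:  # one cert bound to several sites (metabase hypothesis)
            findings.append(f"certificate {fp[:12]} is served on {', '.join(sorted(ips))}")
    return findings

# Constructed sample: documentation-range IPs and made-up fingerprints.
SAMPLE_SITES = {"product1.sfwater.org": ("192.0.2.10", "aa" * 32),
                "product2.sfwater.org": ("192.0.2.11", "bb" * 32)}
SAMPLE_DNS = {"product1.sfwater.org": "192.0.2.10",
              "product2.sfwater.org": "192.0.2.10"}  # second name points at first IP
SAMPLE_CERTS = {"192.0.2.10": "aa" * 32, "192.0.2.11": "bb" * 32}

def demo():
    """Run the check offline against the constructed tables above."""
    return diagnose(SAMPLE_SITES, SAMPLE_DNS.__getitem__, SAMPLE_CERTS.__getitem__)

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Called with its defaults, `diagnose` resolves each name and connects to each IP on port 443, so the expected fingerprints should be taken from the certificate files themselves.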
