IIS / SSL / Site Security / Multiple Sites


IIS / SSL / Site Security / Multiple Sites Travis McGee
4/24/2008 2:51:51 PM
Have a question about an IIS server with multiple commerce web sites and a
single SSL certificate

Here is the scenario (single server, single static IP)
www.TheCompany.com this top level company website has the SSL certificate

www.Product1.com \\CompanyServer\c\web\Product1
www.Product2.com \\CompanyServer\c\web\Product2
www.Product3.com \\CompanyServer\c\web\Product3
they both have their own shopping cart, etc. and their own "payment.asp" or
"payment.aspx" pages, with their own theme.

But I want to handle the credit card number entry screen with https:\\ but
with the existing SSL certificate for TheCompany domain, without buying Wild
Card cert and without dealing with many certificates. How can I do that?

Second acceptable solution is to redirect from Product1.com to
Product1.TheCompany.com/payment.asp, but it causes redirection related
security problems.

Is there any way of solving this issue without changing the URL away from
Product1.com with Frames or some other way so that I can use the single
Certificate. I believe some of the Hosters are doing this kind of stuff.

Any ideas about how it can be done? Thanks a million

Re: IIS / SSL / Site Security / Multiple Sites Ken Schaefer
4/27/2008 3:51:55 PM
No matter how you want to dice this, you are going to run into issues. The
whole idea behind SSL is that (a) the identity of the remote server, and
optionally, the client should be authenticated and (b) the user should know
what URL they are going to. You /may/ be able to get some things working via
reverse proxy or iframes, but eventually you will run into issues.

The solution, if you want to use hosts underneath your main domain (e.g.
product1.company.com) is to get a wildcard certificate. These cost about
$500-600 a year (and the price has been coming down).

Or, if you want to use arbitrary top level domains (www.product1.com ,
www.product2.com) then you need one certificate with the various domains
added as Subject Alternate Names (SANs). These cost a bit less than wildcard
certs, but they are still relatively expensive ($300-400/year I believe).

Cheers
Ken

--
My IIS blog: http://adopenstatic.com/blog
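
The name-matching rule behind the answer above, as an added example that is not part of the original thread: it checks which of the thread's hostnames a single-name, a wildcard, and a SAN certificate would validate for. The certificate name lists and the function names are constructed assumptions based on the scenario, not real certificates.

```python
# Added example: hostnames and certificate contents below are constructed
# from the scenario in the thread, not read from real certificates.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against a requested hostname.

    A '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so '*.thecompany.com' does not cover
    'thecompany.com' or 'a.b.thecompany.com'.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels so '*.com' never matches.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def covered(cert_names, host):
    """True if any DNS name in the certificate covers the hostname."""
    return any(name_matches(n, host) for n in cert_names)


# Three certificate options discussed in the thread (constructed name lists).
CERTS = {
    "single":   ["www.thecompany.com"],
    "wildcard": ["*.thecompany.com"],
    "san":      ["www.thecompany.com", "www.product1.com",
                 "www.product2.com", "www.product3.com"],
}

# Hostnames a shopper's browser might be sent to for the payment page.
HOSTS = ["www.TheCompany.com", "www.Product1.com",
         "Product1.TheCompany.com", "www.Product3.com"]


def coverage_table():
    """Map each certificate option to the hostnames it validates for."""
    return {label: [h for h in HOSTS if covered(names, h)]
            for label, names in CERTS.items()}


if __name__ == "__main__":
    for label, hosts in coverage_table().items():
        print(f"{label:9s} -> {hosts}")
```

Any hostname missing from a certificate's row produces a browser name-mismatch warning when the payment page is served over HTTPS under that name.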

Re: IIS / SSL / Site Security / Multiple Sites Travis McGee
5/29/2008 11:44:32 AM
Another thing why it started working is that I ran a command line statement
that changes the ....-section:system.webServer/httpErrors - errorMode:
Detailed.

So it is working now....the way IIS 6.0 used to work.

But in general, if a new product is drastically different in its behavior,
then the Help file or Settings Screens should be overcompensating for the
people who are "used to" a certain way. We should not have to use "Google"
to find an answer about why something was a certain way in the past but not
the same way now.


Re: IIS / SSL / Site Security / Multiple Sites David Wang
5/30/2008 11:09:37 AM
Unfortunately, you are part of the minority that actually read Help/
documentation which comes with a software product to locate answers.
Many folks tend to not read documentation nor search for answers and
directly ask questions, and those who search tend to pattern-match
their search terms for results.

"Why" something was a certain way in the past and changed is unlikely
to be documented at a prominent location.

I agree that change is disruptive. However, for the magnitude of
change between IIS6 and IIS7, I doubt any documentation/support is
sufficient. The closest would be if every single old screenshot in
IIS6 was dissected to show where the new setting is moved in IIS7.

Personally, I never bother with the UI and directly configure IIS with
its configuration file(s). The UI may change. The server/configuration
rarely changes.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//




