Announcement

Collapse
No announcement yet.

URGENT: IIS 6 SSL w/ subdomain via host headers

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • URGENT: IIS 6 SSL w/ subdomain via host headers

    Everyone,

    I am hoping you can help me out here. I am trying to secure a subdomain site in our webserver with SSL. I spoke with the company I purchased the cert from and they stated that I did not need a wildcard cert to protect just this one subdomain. Our main site does not need SSL but our subdomain hosts an app that we need secured.

    I got the cert request thru the IIS UI, sent the encrypted file to the host and got my cert back. I again went through the wizard to complete a "pending cert request" and installed the cert. (I think?!?!) When I click view certificate in the properties box it shows the certificate and everything looks good.

    I went to test it via the broweser on the webserver and I am getting an error that the site cannot be found when I punch in the https://. If I go back to http:// it brings it up just fine. So now I am not sure where I am going wrong. I did some ing to see what I missed on the cert install. That is when I came across this: http://www.microsoft.com/technet/pro....mspx?mfr=true

    The part that concerns me is when I clicked on the link about host headers (since I have that setup) I found this: http://www.microsoft.com/technet/pro....mspx?mfr=true which seems to indicate that for a hostheader setup I need a wildcard cert for everything.

    This makes me question the answer I received about not needing a wildcard cert for my setup. Does anyone know if I need to get a wildcard cert to protect a subdomain via host header? Even though I do not want to protect all sites, only the one subdomain???

    Please help
    Last edited by kxcntry99; 16th October 2009, 14:30.

  • #2
    Re: URGENT: IIS 6 SSL w/ subdomain via host headers

    OK I've done some more research and it does indeed look like what I am trying to do would require a wildcard SSL cert. Apparently the basics of SSL and the way the handshake works makes it impossible to use a SSL cert on a subdomain using host headers.

    So.....wildcard certs cost A LOT more. What I am thinking is this. I only need to host 2 sites on the same server. Right now I only have one NIC in the server. If I put a second one in and assign it its own IP is there a way to use DNS inside my netwrok to point requests to each of the NIC's???

    For example can i setup DNS to send requests for www.mycompany.com to 192.168.1.1 and send requests for www.myapp.mycompany.com to 192.168.1.2 both being the same machine but two different IP's still using only my single WAN IP?

    Is this possible? How?

    Comment


    • #3
      Re: URGENT: IIS 6 SSL w/ subdomain via host headers

      You don't need a second NIC, just add another ip address to the NIC that's already in the server. Then create a new web site in IIS for the SSL site and bind it to the new ip address. Make sure that the original site is bound to the original ip address and not set to "All Unassigned". Attach your SSL cert to the new site and configure your router or firewall to route port 443 traffic to the new ip address.

      Comment


      • #4
        Re: URGENT: IIS 6 SSL w/ subdomain via host headers

        Originally posted by joeqwerty View Post
        You don't need a second NIC, just add another ip address to the NIC that's already in the server. Then create a new web site in IIS for the SSL site and bind it to the new ip address. Make sure that the original site is bound to the original ip address and not set to "All Unassigned". Attach your SSL cert to the new site and configure your router or firewall to route port 443 traffic to the new ip address.
        Awesome! Now the part I havn't done before is setting a NIC up with two IP addresses. Any pointers?

        Comment


        • #5
          Re: URGENT: IIS 6 SSL w/ subdomain via host headers

          Ok I figured out how to assign two ips to the NIC. But I still can't bring up the site on the webserver. It tried to load the page and then brings up the page cannot be displayed error.

          At this point I am not sure where to turn next. Does anyone know what I might be missing on the setup of an SSL site in IIS6 here. Does someone know a great tutorial out there or a way to do some diagnostics to see what I missed?
          Last edited by kxcntry99; 18th October 2009, 16:18.

          Comment


          • #6
            Re: URGENT: IIS 6 SSL w/ subdomain via host headers

            Ok it looks like I got it. I couldn't figure out why the port forwarding wasn't sending 443 requests to the new IP address even after I was updating the firewall to send requests there.

            Of course it helps if you are updating the RIGHT firewall. I was updating the second one after the DMZ. Looks like I got requests going to the right places now.

            Thanks for the tip on setting up the 2nd IP on the same NIC! I didn't even know you could do that. How many IP's can one NIC hold???

            Comment


            • #7
              Re: URGENT: IIS 6 SSL w/ subdomain via host headers

              Glad you got it sorted out. I don't know if there's a technical or practical limitation but I have a web server that has dozens of ip addresses bound to one NIC.

              Comment

              Working...
              X