Re: Multiple SSL sites on one IIS server
From: Mohammed A. Raslan (mhdraslan_at_gmail.com.delme)
Date: 01/12/05
- Next message: Mohammed A. Raslan: "Re: ISA Proxy Override"
- Previous message: RDavid: "Re: URL being redirected???"
- In reply to: akhtar: "Re: Multiple SSL sites on one IIS server"
Date: Tue, 11 Jan 2005 20:39:02 -0800
You usually have 2 options when publishing SSL sites:

1. SSL Bridging: that is, the ISA Server will be the one communicating with
the clients as the requested web server. In this case, you export the web
sites' certificates from the web servers to files, and import them to the
Machine Certificate Store on the ISA Server. You then configure 2 HTTPS
listeners (you will require 2 different external IPs). You do this by
right-clicking on the ISA Server node in ISA Management and choosing
Properties, then clicking on the Incoming Web Requests tab. Specify there
that you will configure each listener independently, and choose for each
listener a certificate for a web site. After that you can use the Web
Publishing rules to bridge incoming HTTPS requests to normal HTTP or HTTPS
requests from the ISA to the internal web server. Note that you don't have to
install the certificates on the internal web servers in this case if you will
be bridging HTTPS to HTTP.

2. SSL Tunneling: here ISA is completely out of the picture; it doesn't look
at or care about HTTP or HTTPS or anything else. In this scenario, you install
the certificates on the internal web server and use 2 different internal
IPs. Then on the ISA Server you make sure you also have 2 different
external IPs, and you create a Server Publishing Rule, not a Web Publishing
rule, that maps port 443 on each external IP to one of the internal IPs. Note
here that you must install the certificates on the internal web server.

You will need 2 external IPs in all cases, or in other words, an external
IP for each HTTPS website.

Hope that this helps you.

"akhtar" wrote:
> If I am understanding it looks like (by consensus at least) I need multiple
> external ips to have independent SSL sites internally (also multiple ips),
> due to the fact that HTTPS packet also encrypts the host header.
>
> What I am trying to achieve here is have 2 (or more) public websites, each
> with their own domain and ssl certificate and each independent of each
> other. At the moment I have a single external ip and have been running multiple
> non-ssl websites using host-headers and 1 SSL site. But now 2 of them need
> SSL, hence the problems I have been facing. In the short term it looks like
> I'll have to use Kristofer's suggestion of multiple SSLs on different ports,
> as I was in the process of moving ISP anyway to get cheaper connection and
> cheaper static-ips.
>
>
> Akhtar
>
> <hal@nospam.com> wrote in message
> news:nhg5u0lrb3ll11knff2be5cuodl55t79dn@4ax.com...
> > On Mon, 10 Jan 2005 15:01:46 GMT, John Cesta <lists@lookwww.com>
> > wrote:
> >
> >>On 9 Jan 2005 06:45:20 -0800, akhtar__299@hotmail.com (akhtar) wrote:
> >>
> >>>Hi
> >>>
> >>>I have set up 2 (ASP.NET) web sites on IIS with different domains.
> >>>Each website is running on a different port, and each web site needs to
> >>>have SSL security on it. However SSL is not working on the second site
> >>>and just redirects to the first (totally unrelated) site, i.e.
> >>>https://www.mydomain2.com/secure/login.aspx actually ends up going to
> >>>https://www.mydomain1.com/secure/login.aspx even though the host
> >>>header is correct. The certificate passed to the browser is the one
> >>
> >>Looks like you complicated the setup a little. Why is each site
> >>running on a different port? You can use host headers to run each site
> >>independently
> >
> > You can't use host headers with SSL because the headers will be
> > encrypted in the packet, and IIS can't redirect based on a header.
> >
> > Hal
> >
> >> or use a separate IP for each site.
> >>
> >>You can also share SSL by placing the ssl files in a folder and
> >>creating a virtual folder with ssl pointing to that folder. When those
> >>files are called with https the browser is directed to the SSL site.
> >>
> >>What is the goal here?
> >>
> >>John Cesta
> >>
> >>iMAIL Reporter - Reports on iMAIL server and POP users
> >>LogFileManager - IIS LogFile Management Tool
> >>WebPageChecker - Helps Maintain Server UpTime
> >>DomainReportIt PRO - Helps Rebuild IIS
> >>http://www.serverautomationtools.com
> >>
> >>>for domain1.
> >>>I have read various newsgroup posts and tried to follow everything,
> >>>but it still does not seem to work. E.g. I have put each website on its
> >>>own ip address
> >>>
> >>>
> >>>The config is as follows
> >>>
> >>>Windows 2003 server with ISA 2000 and IIS
> >>>On ISA -a publishing rule for each domain, with send original host
> >>>header on:
> >>>domain1 http to port IP1: 44446, ssl to port IP1:443
> >>>domain2 http to port IP2: 44447, ssl to port IP2:44448
> >>>
> >>>IP1 and IP2 are both on the same nic.
> >>>
> >>>On IIS
> >>>2 web sites, each with its own certificate. Domain1 running on IP1
> >>>ports 44444, SSL 443. Domain2 running on IP2 ports 44447, SSL 44448.
> >>>
> >>>
> >>>Thanks for any help
> >>>Akhtar
> >
>
>
>
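
The constraint discussed in this thread (the server has to pick a certificate from the IP address and port alone, because the Host header arrives encrypted) can be checked against a configuration before it is deployed. The following Python audit is an added example, not code from any poster; the names `audit`, `IIS_BINDINGS` and `ISA_RULES` and the certificate subjects are assumptions, and the sample data is constructed from the values quoted above.

```python
from collections import defaultdict

# Constructed sample data modelled on the configuration quoted in the thread.
# IP1/IP2 are the thread's placeholders; the certificate subjects are assumed
# to equal the site host names.
IIS_BINDINGS = [  # (site, ip, port, is_tls, certificate subject)
    ("domain1", "IP1", 44444, False, None),
    ("domain1", "IP1", 443, True, "www.mydomain1.com"),
    ("domain2", "IP2", 44447, False, None),
    ("domain2", "IP2", 44448, True, "www.mydomain2.com"),
]
# scheme = protocol the publishing rule uses towards the internal server
ISA_RULES = [  # (public host name, scheme, target ip, target port)
    ("www.mydomain1.com", "http", "IP1", 44446),
    ("www.mydomain1.com", "https", "IP1", 443),
    ("www.mydomain2.com", "http", "IP2", 44447),
    ("www.mydomain2.com", "https", "IP2", 44448),
]


def audit(bindings, rules):
    """Return findings for a publishing setup where the TLS certificate is
    selected by (ip, port) alone, before any Host header can be read."""
    findings = []
    listeners = {}            # (ip, port) -> True if the listener speaks TLS
    certs = defaultdict(set)  # (ip, port) -> certificate subjects bound there
    for _site, ip, port, is_tls, cert in bindings:
        listeners[(ip, port)] = is_tls
        if is_tls:
            certs[(ip, port)].add(cert.lower())
    # Two certificates on one endpoint: only one of them can be presented.
    for endpoint in sorted(certs):
        if len(certs[endpoint]) > 1:
            findings.append(("shared-tls-endpoint", endpoint, sorted(certs[endpoint])))
    for host, scheme, ip, port in rules:
        endpoint = (ip, port)
        if endpoint not in listeners:
            findings.append(("no-listener", host, endpoint))
        elif listeners[endpoint] != (scheme == "https"):
            findings.append(("scheme-mismatch", host, endpoint))
        elif scheme == "https" and host.lower() not in certs[endpoint]:
            # Exact name match only; wildcard certificates are not modelled.
            findings.append(("cert-name-mismatch", host, endpoint))
    return findings


if __name__ == "__main__":
    for finding in audit(IIS_BINDINGS, ISA_RULES):
        print(finding)
```

On the quoted values the only finding is the HTTP rule for domain1, which targets port 44446 while the site is listed on port 44444.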