Re: IIS 6 and SSL

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 05/25/04


Date: Tue, 25 May 2004 15:00:37 -0700

No.

SSL cert binding is specific to an IP:Port and does not support host headers.
This is because host headers are a part of the HTTP request... which is all
encrypted by SSL... so it is impossible for the server to figure out which
cert to use for decryption if the info itself is encrypted. Catch-22.

If it is internal and you control all clients accessing the website, just
use SelfSSL from the IIS6 Resource Kit.
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en

Here is how you can fake having exactly one website using host headers and
SSL. Just configure that website to have no Host header to have SSL, and
every other website on that IP uses host headers. This SSL website without
host header is a "catch-all" for all unrecognized host headers coming over
SSL (hence you can have only one per IP/Port). Then, you twiddle with DNS
configuration to point requests containing the SSL host header to this IP,
and voila.

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"WebGuyBob" <anonymous@discussions.microsoft.com> wrote in message
news:9767465C-157E-4C95-91A5-1B9D7869E421@microsoft.com...
LMAO...I appreciate the run-on sentence.
So, I can have multiple certs on a single-server IP as long as the different
sites (using host headers) have their own cert and the URLs in those certs
are unique to each URL?
Honestly, I'm simply trying to use SSL on a site that will never be intended for
public consumption.  In fact, none of the sites on the server will be for
public consumption.  So, I was hoping to avoid having to use a cert
altogether and just enable SSL via port 443 on the only site on a single-IP
server having multiple sites (via host headers) which will never use SSL.
How's THAT for a run-on?  ;-)
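
The binding rule described in the reply above, as an added example that is not part of the original thread: a Python check over IIS 6 style ServerBindings ("IP:Port:HostHeader") and SecureBindings ("IP:Port:") values that flags two sites claiming the same SSL endpoint and shows why the one SSL site acts as a catch-all. The site names, IP address and host names are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample metabase values (site names, IP and hosts are made up).
# ServerBindings entries are "IP:Port:HostHeader"; SecureBindings are "IP:Port:".
SITES = {
    "intranet": {"ServerBindings": ["10.0.0.5:80:intranet.example.test"],
                 "SecureBindings": ["10.0.0.5:443:"]},
    "wiki":     {"ServerBindings": ["10.0.0.5:80:wiki.example.test"],
                 "SecureBindings": []},
    "reports":  {"ServerBindings": ["10.0.0.5:80:reports.example.test"],
                 "SecureBindings": ["10.0.0.5:443:"]},  # collides with intranet
}


def parse_binding(binding):
    """Split 'IP:Port:Host' into (ip, port, host); an empty IP means all unassigned."""
    ip, port, host = binding.split(":", 2)
    return ip, int(port), host.lower()


def ssl_conflicts(sites):
    """Return {(ip, port): [site, ...]} for SSL endpoints claimed by more than one site."""
    owners = defaultdict(list)
    for name, cfg in sites.items():
        for b in cfg["SecureBindings"]:
            ip, port, _host = parse_binding(b)  # host part plays no role for SSL
            owners[(ip, port)].append(name)
    return {ep: sorted(names) for ep, names in owners.items() if len(names) > 1}


def route(sites, ip, port, host, tls):
    """Pick the site for a request; over SSL only ip:port is known when the cert is chosen."""
    key = "SecureBindings" if tls else "ServerBindings"
    for name, cfg in sites.items():
        for b in cfg[key]:
            b_ip, b_port, b_host = parse_binding(b)
            if b_port != port or b_ip not in ("", ip):
                continue
            if tls or b_host in ("", host.lower()):
                return name  # SSL: catch-all for every host name on this ip:port
    return None


if __name__ == "__main__":
    print("SSL endpoint conflicts:", ssl_conflicts(SITES))
    fixed = {k: v for k, v in SITES.items() if k != "reports"}
    print("https://wiki.example.test ->", route(fixed, "10.0.0.5", 443, "wiki.example.test", True))
```

With the conflicting site removed, an HTTPS request for any host name on that IP lands on the single SSL site, which will present its own certificate regardless of the name the client asked for.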

