Re: IE6 ignoring HOSTS entries for HTTP

From: Sydney Delieu (syddel_at_hotmail.com)
Date: 03/22/04 

Date: Mon, 22 Mar 2004 14:51:56 -0800

Hi Alan,

Thank you so much for the information. Sorry about not mentioning the
use of SSL earlier.

I should have also mentioned that when I remove 'webserver' entry from
the hosts file, and then enter 'http://webserver' in the address bar of
IE6, I get 'The page cannot be displayed'.

The reason why the Win2K box is called 'webserver' is something I know
nothing about and have no control over. The reason why the hosts entry
for 'webserver' is required on client machines running the application
I have written is because the SSL certificates' common name had to
match the name of the server for the clients to be able to successfully
install the self-generated and signed certificate as trusted and not
receive warnings about name not matching or untrusted Certificate
Authority etc... Unless the client has installed the certifiate as
trusted, the client application will not successfully connect to the
application servers (middle-tier) as it's very touchy and will exit at
the first sign of a warning. Similarily, MS-SQL has the 'force protocol
encryption' option checked, and will not start if the
self-generated/self-signed certificate uses anything else other than
the name of the Win2K box as the common name.

Personally, I would love my employer to go out and register a fully
qualified domain name and purchase an SSL certificate from Thrawte or
Verisign, but for various reasons, it just aint gonna happen :(

Once again, thanks so much for the info. My mind is now at ease (at
least now I know 'why').

Regards,
Syd.

Alan J. McFarlane wrote:

> Sydney Delieu <syddel@hotmail.com> wrote:
> > Marc Reynolds [MSFT] wrote:
> >> Try using a FQDN in your Hosts file:
> >> 123.123.123.123. www.webserver.com
> >
> > Sorry, I should have mentioned in my first post that I have tried
> > using www.webserver.com - same thing - it takes me to the Yahoo
> > site. Again though, it works when I connect from another ISP (ie.
> > hosts for http requests fail from NTL Broadband, but works from BT
> > ADSP Broadband without any settings being changed on my laptop). It
> > also
>
> NTL uses transparent Web proxies. All HTTP traffic is channeled
> through them and from what I understand--and it matches what you've
> found--the IP Address the browser connects to is ignored and the
> hostname supplied in the HTTP Request is used. That is they do their
> own DNS lookup.
>
> I don't fully understand why "webserver" gets redirected though...
>
> Anyway.
> - Either you need to get a real entry in the real DNS system. This
> is best and I can't see why it would be difficult to arrange.
> - Or use a different port number on the web server.
> - Or just use the IP Address in your URLs.
> - Or try using a totally false name in the hosts file, e.g.
> www.webserver.locallocallocal
> - Or...
>
> [...]
> > I am desperate as the system I have will not work unless 'webserver'
>
> Why does it need to be referred to as "webserver"? Does the target
> web server run multiple virtual web sites and rely on the "Host:
> webserver" header? If so, www.webserver.com" wouldn't work...and you
> imply it should...
>
>
> > is resolved from the hosts file (a 3-tier system with SSL etc...).
> > Any help on this would be really appreciated.
> >
> HTTPS! You throw that in to the pot a bit late. :-) If you are
> using HTTPS to connect to the web server then obviously the proxies
> can't get involved and there will be no problem...

Relevant Pages

  • Re: Name on Security Certificate is invalid
    ... >The problem is related to SSL in general. ... >header of an SSL request to a webserver being encrypted. ... This means that the server would then be ... able to pass back the certificate that matches the server that the client is ...
    (microsoft.public.inetserver.iis.security)
  • RE: CA-SSL in IIS
    ... It all depends on what you intend to do with your Certificate Authority ... support a large number of webservers or if you choose to use certificates ... for more than just webserver SSL. ...
    (Focus-Microsoft)
  • Name on Security Certificate is invalid
    ... The problem is related to SSL in general. ... header of an SSL request to a webserver being encrypted. ... So only the first certificate is seen and the webserver ... The first site ...
    (microsoft.public.inetserver.iis.security)
  • Using SSL with IIS 5.0 - how does it work.
    ... I was thinking of using SSL on my webserver - and looked it up: ... Would someone explain to me how a cerficate functions and what it is ... Anyone coming to my site will be prompted for a certificate - correct? ... SSL is of use only if my data is very secret and I do not want others ...
    (microsoft.public.inetserver.iis.security)
  • Re: Proposal for a new PKI model (At least I hope its new)
    ... > Then the world would have no problem trusting your domain level PKI ... coined the term "certificate manufacturing" to distinquish from actual ... it turns out that one of the reasons for the SSL server domain name ...
    (sci.crypt)