Re: Windows 2003 sbs : multiple webs & SSL

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: SuperGumby [SBS MVP] (not_at_your.nellie)
Date: 09/11/04 

Date: Sun, 12 Sep 2004 08:50:27 +1000

if you use a self generated certificate the user will be warned each time
they browse the page that the certificate does not come from a trusted root.
You can get them to install the cert though.

Or you can purchase a certificate from a trusted root (verisign, fer
instance) and install it on the server.

Either way, you install the cert to IIS and control which directories
'require ssl'.

NOTE: Someone asking these questions should read up on IIS and shouldn't
even be dreaming about opening HTTP on their SBS. The fact of asking the
question means you are not familiar enough with IIS to perform the task.

"Erwin" <ebuce@euronet.be> wrote in message
news:eVlYt8DmEHA.3876@TK2MSFTNGP15.phx.gbl...
> Steve,
> thanks for your prompt answer !
>
> Let me recapitulate to see if I got it right :
>
> 1. Forgetting about SSL for a moment, you CAN have different websites on 1
> IP-address, using Host Headers, right ? (I don't know how to do that, but
> if
> at least I know it's possible, I'll figure it out somehow)
>
> 2. SSL is only possible for 1 site. That's suits me fine, I don't need SSL
> for the other sites
>
> 3. Now about those certs, you mean that the user has to install those
> certs
> on his computer ? I thought the client just had to accept the fact that
> SSL
> is used (you know, the pop up windonw that comes up on which you have to
> click "Accept" when you're installing a plug in to Internet Explorer);
>
> Could you let me know if I'm on the right track here ? Thanks
> Erwin
>
> "Steve Bruce, mct" <steve@xmaslake.com> wrote in message
> news:OfKEZqDmEHA.3900@TK2MSFTNGP10.phx.gbl...
>> Yes you can issue your own certificates but it usually done when people
> you
>> know are going to be accessing the server, because you have to make
>> arrangements for the installation of root certificate on their computer.
>>
>> There is a sample .asp page on the microsoft support site that you can
> adapt
>> for installing root certs on clients.
>>
>> this is what it looks like when adapted - takes a while to load because
> you
>> don't yet have the cert on your computer.
>>
>> https://mail.datacomintl.com/cert/
>>
>> Certificates for SSL have to be created to exactly match the url used to
> get
>> to the site. You can put different certificates on different web sites.
>>
>> To host multiple SSL sites on a server, you cannot use Host Headers to
>> direct requests to the correct site because the Header cannot be read
>> because it is encrupted.
>>
>> To support SSL with default port#s to one server you need an IP addres
>> for
>> each site.
>>
>>
>> "Erwin" <ebuce@euronet.be> wrote in message
>> news:uvR5xLDmEHA.3428@TK2MSFTNGP11.phx.gbl...
>> > Hi,
>> > being a newbie as far as W2003 SBS is concerned, I'm aware that the
>> > following questions are probably asked a 1000 times before, but I can't
>> get
>> > a clear picture.
>> >
>> > Here it goes :
>> >
>> > 1. Is it possible on W2003 SBS to host multiple webs ? I would like to
>> have
>> > www.abc.com and www.def.com to point to different virtual folders.
>> > I know of the options :
>> > a. get another IP address
>> > b. use a different IP-port
>> > c. use virtual folders (www.abc.com/abc and www.abc.com./def)
>> > but they are all not quite what I need
>> >
>> > 2. For a virtual folder, I would need SSL. Is it possible in W2003 SBS
> for
>> > being your own CA ? I've read somewhere it is, but the article was for
>> > securing your WHOLE website, while I need only to secure a virtual
> folder.
>> >
>> > Any help on this would greatly be appreciated !
>> >
>> > Erwin Bauwens
>> >
>> >
>>
>>
>
>

Relevant Pages

  • Re: Failure installing SSL certificate on SBS2003PremSP1 (incl. IS
    ... I decided to purchase a CA SSL key and replace the self cert on ... Basically I think the SBS web listener needs to be ... since both are working off the same certificate store. ...
    (microsoft.public.windows.server.sbs)
  • Re: 400 Bad Request Error
    ... Thanks for the reply,it does not look like the partner is using 2 different ... I have that cert imported into my trusted people certificate store for the ... I tried adding a client cert and without one and it is the same result.I do ... use a SSL connection on a different certificate. ...
    (microsoft.public.biztalk.server)
  • Heads Up: SSL defeated in IE and Konqueror
    ... SSL defeated in IE and Konqueror ... VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, ... tricky site owner signs an intermediate cert with another valid cert, ...
    (comp.os.linux.security)
  • Re: Win Mobile 5 + SBS 2003 SP1 + Exchange SP1 Connection woes
    ... The problem is the same with or without SSL ticked. ... So the certificate copied over just fine and has been installed on both ... The directions for install state that I can use the cert from the ...
    (microsoft.public.windows.server.sbs)
  • Re: Certificate Services and Synching with Exchange
    ... Yes, installing the cert and self-signing worked, but only because ... Yes, I had to manually export and install it, but it was trivially ... You export the cert from the MMC to a .cer file. ... Will installing Certificate Services and self-signing a certificate ...
    (microsoft.public.pocketpc.activesync)