Re: Windows 2003 sbs : multiple webs & SSL

From: Erwin (ebuce_at_euronet.be)
Date: 09/12/04


Date: Sun, 12 Sep 2004 03:46:25 +0200

Like I said, I'm aware I'm a newbie as far as SBS is concerned, so don't
worry, I will not tamper with the server as long as I'm not 100% sure of
what I'm doing, but I had to have some general directions, which I now have.
Thanks for the advice though !
Erwin

"SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
news:%23ioczGFmEHA.3608@TK2MSFTNGP09.phx.gbl...
> if you use a self generated certificate the user will be warned each time
> they browse the page that the certificate does not come from a trusted
> root. You can get them to install the cert though.
>
> Or you can purchase a certificate from a trusted root (verisign, fer
> instance) and install it on the server.
>
> Either way, you install the cert to IIS and control which directories
> 'require ssl'.
>
> NOTE: Someone asking these questions should read up on IIS and shouldn't
> even be dreaming about opening HTTP on their SBS. The fact of asking the
> question means you are not familiar enough with IIS to perform the task.
>
> "Erwin" <ebuce@euronet.be> wrote in message
> news:eVlYt8DmEHA.3876@TK2MSFTNGP15.phx.gbl...
>> Steve,
>> thanks for your prompt answer !
>>
>> Let me recapitulate to see if I got it right :
>>
>> 1. Forgetting about SSL for a moment, you CAN have different websites on
>> 1
>> IP-address, using Host Headers, right ? (I don't know how to do that, but
>> if
>> at least I know it's possible, I'll figure it out somehow)
>>
>> 2. SSL is only possible for 1 site. That's suits me fine, I don't need
>> SSL
>> for the other sites
>>
>> 3. Now about those certs, you mean that the user has to install those
>> certs
>> on his computer ? I thought the client just had to accept the fact that
>> SSL
>> is used (you know, the pop up windonw that comes up on which you have to
>> click "Accept" when you're installing a plug in to Internet Explorer);
>>
>> Could you let me know if I'm on the right track here ? Thanks
>> Erwin
>>
>> "Steve Bruce, mct" <steve@xmaslake.com> wrote in message
>> news:OfKEZqDmEHA.3900@TK2MSFTNGP10.phx.gbl...
>>> Yes you can issue your own certificates but it usually done when people
>> you
>>> know are going to be accessing the server, because you have to make
>>> arrangements for the installation of root certificate on their computer.
>>>
>>> There is a sample .asp page on the microsoft support site that you can
>> adapt
>>> for installing root certs on clients.
>>>
>>> this is what it looks like when adapted - takes a while to load because
>> you
>>> don't yet have the cert on your computer.
>>>
>>> https://mail.datacomintl.com/cert/
>>>
>>> Certificates for SSL have to be created to exactly match the url used to
>> get
>>> to the site. You can put different certificates on different web sites.
>>>
>>> To host multiple SSL sites on a server, you cannot use Host Headers to
>>> direct requests to the correct site because the Header cannot be read
>>> because it is encrupted.
>>>
>>> To support SSL with default port#s to one server you need an IP addres
>>> for
>>> each site.
>>>
>>>
>>> "Erwin" <ebuce@euronet.be> wrote in message
>>> news:uvR5xLDmEHA.3428@TK2MSFTNGP11.phx.gbl...
>>> > Hi,
>>> > being a newbie as far as W2003 SBS is concerned, I'm aware that the
>>> > following questions are probably asked a 1000 times before, but I
>>> > can't
>>> get
>>> > a clear picture.
>>> >
>>> > Here it goes :
>>> >
>>> > 1. Is it possible on W2003 SBS to host multiple webs ? I would like to
>>> have
>>> > www.abc.com and www.def.com to point to different virtual folders.
>>> > I know of the options :
>>> > a. get another IP address
>>> > b. use a different IP-port
>>> > c. use virtual folders (www.abc.com/abc and www.abc.com./def)
>>> > but they are all not quite what I need
>>> >
>>> > 2. For a virtual folder, I would need SSL. Is it possible in W2003 SBS
>> for
>>> > being your own CA ? I've read somewhere it is, but the article was for
>>> > securing your WHOLE website, while I need only to secure a virtual
>> folder.
>>> >
>>> > Any help on this would greatly be appreciated !
>>> >
>>> > Erwin Bauwens
>>> >
>>> >
>>>
>>>
>>
>>
>
>



Relevant Pages

  • RE: IIS Key pairs (how to export an IIS 4.0 self-issued Root CA a nd import into new IIS 4.0 box)
    ... it prompts the user for what client cert they want to use to connect to the ... it issues client certificates to the end users. ... Step I - Installing the New Server ... Install NT SP 3 ONLY ...
    (Focus-Microsoft)
  • Re: Direct Push failed.
    ... he security certificatee on the server is invalid. ... If have this error which means my ISA is working correctly am i right? ... The way is to export out the root cert from the ... In some cases you will have to install the trusted root certificate. ...
    (microsoft.public.exchange.setup)
  • Re: Terminal Services over a VPN
    ... Create a certificate request and submit it to godaddy in order to obtain a public cert. ... You can use the wizard in IIS Manager for this by creating a new website that matches the above name (on your TS server), right-click and choose properties, directory security tab, server certificate button. ... After the install you can stop or delete the website created above since you don't need it for anything. ...
    (microsoft.public.windows.terminal_services)
  • Re: Win Mobile 5 + SBS 2003 SP1 + Exchange SP1 Connection woes
    ... Also You do have use ssl ticked? ... Options, Server Settings, Connection and check the box "This server uses an ... So the certificate copied over just fine and has been installed on both ... The directions for install state that I can use the cert from the ...
    (microsoft.public.windows.server.sbs)
  • Re: Cingular 8125 and ActiveSynch
    ... What error message do you get when you copy the cert to the phone and click ... The last time I worried about it, Verizon ... They have a SBS Standard 2003 Server with all Service Packs (Exchange ... get the certs to install. ...
    (microsoft.public.windows.server.sbs)