Re: Certificate for SBS2003 for Multiple Public Domains REPOST
- From: "Fred Andreone" <FredAndreone@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 15 Nov 2005 18:20:01 -0800
Thank you very much for your response Javier:

Please understand that I am not trying to set up multiple encrypted sites
using Host headers. I am well aware of the fact that Host Headers do not work
with encrypted sites.

What I am trying to ensure is that when a user enters any one of the sites,
with different public names, that the certificate sent back to him does not
state that the physical server has a different name than the website
requested!

Do you not agree that many small commercial organizations direct their
different DNS names to one physical site?

Example:
If the customer enters either
www.yourcompany.com or yourcompany.com
and you redirect him to the same web page, shouldn't the certificate he is
asked to load be the same?

In this newsgroup I read something about wildcard certificates and that IIS
6.0 is supposed to support them. I do not know if this is the solution to my
problem?

Also I read that IIS 6.0 should allow you to author your own certificate.
Unfortunately I have been unable to figure out how to use Certmgr and the IIS
cert wizard to create a valid certificate.

The most important item is the fact that the standard SBS certificate has
more than one domain name included in the certificate. I know that there is
only one Public name. I am not sure if that makes a difference.

"Javier Gomez [SBS MVP]" wrote:
> What you want is not technically possible...
>
> This is not a limitation of SBS or Windows, but it's the way SSL certs work.
> Think about it... when you request a page on SSL even the headers are
> encrypted. This means that the secure connection must be established
> *before* you can even transmit which URL you are using. So, it's impossible
> for any webserver to answer with the correct SSL certificate when it doesn't
> know which URL you used in the first place.
>
> The only way to work around this is to use either different IP addresses or
> different ports (like Sharepoint uses SSL, but on 444). If you had multiple
> IPs then you could assign different SSL certs to each one (although I'm
> still not sure if IIS allows to do this on the same website). With multiple
> IPs + ISA this would be fairly easy to do, without ISA it might be easy but
> I don't know.
>
> --
> Javier [SBS MVP]
> www.msmvps.com/javier
> << SBS ROCKS!!! >>
>
> "Fred Andreone" <FredAndreone@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:85083419-C9C5-40AB-8095-95C0636FD1EC@xxxxxxxxxxxxxxxx
> > The current SBS certificate generated by CEICW contains 1 public DNS name,
> > plus multiple private DNS names.
> >
> > Presently the SBS2k3 Standard SP1 EXSP2 2 nics and RV042 router is
> > responding to 5 Public DNS names successfully. Mail for the Public DNS
> > names is handled properly by Exchange.
> >
> > The only problem is that the certificates sent to web clients do not
> > confirm that the server DNS name is the same as the DNS name requested.
> >
> > Example: the server certificate is set by CEICW to
> > mycompany.com
> >
> > All of the following requests indicate a certificate mismatch
> >
> > www.mycompany.com
> > mail.mycompany.com
> > mycompany.ca
> > www.mycompany.ca
> > mycompany.org
> > www.mycompany.org
> >
> > Unfortunately, CEICW does not allow the entry of multiple FQDN's. Editing
> > the VBS file generated by CEICW does not allow additional names to be
> > added.
> >
> > Creating a certificate with multiple FQDN's requests in Security Tab of
> > the web site then importing it into Certificate manager does not create
> > the right CN's.
> >
> > Can anyone explain how to create a self-registered certificate with
> > multiple FQDN's. This should be a fairly normal occurrence for small
> > business.
> >
> > Many thanks in advance
> > Fred
> >
> >
>
>
>
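
The name check behind the mismatch warnings discussed in this thread, as an added example that is not part of the original posts: it compares each requested host name against the DNS names a certificate carries, using the usual client rule that a wildcard stands for exactly one leftmost label. The host names are the ones listed in the thread; the three certificate name sets are constructed for illustration.

```python
# Added example: hostname-to-certificate name matching (constructed cert data).

def name_matches(pattern: str, host: str) -> bool:
    """Return True if a certificate DNS name covers the requested host.

    A wildcard is honoured only as the whole leftmost label and stands for
    exactly one label, so *.mycompany.com covers www.mycompany.com but not
    mycompany.com or a.b.mycompany.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Need at least two fixed labels after the wildcard (no "*.com").
        return (len(p_labels) >= 3 and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def mismatched(cert_names, requested):
    """List the requested hosts that none of the certificate names cover."""
    return [h for h in requested
            if not any(name_matches(n, h) for n in cert_names)]


# Host names taken from the thread.
REQUESTED = [
    "www.mycompany.com", "mail.mycompany.com", "mycompany.ca",
    "www.mycompany.ca", "mycompany.org", "www.mycompany.org",
]

# Constructed certificate name sets (assumptions for illustration).
SINGLE_NAME = ["mycompany.com"]                     # one public name only
WILDCARD = ["mycompany.com", "*.mycompany.com"]     # wildcard for one domain
MULTI_NAME = ["mycompany.com"] + REQUESTED          # every name listed

if __name__ == "__main__":
    for label, names in [("single name", SINGLE_NAME),
                         ("wildcard", WILDCARD),
                         ("multi-name", MULTI_NAME)]:
        print(f"{label}: mismatch for {mismatched(names, REQUESTED) or 'none'}")
```

A wildcard covers only hosts one label below its own domain, so the .ca and .org names still fail against it; only a certificate that lists every name clears all six.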