Re: Certificate for SBS2003 for Multiple Public Domains REPOST
- From: "Hugh G. Johnson" <hughgjohnsonNOT@xxxxxxxxxxx>
- Date: Thu, 17 Nov 2005 16:27:19 -0800
Javier,
I'm in the same situation. I have one SBS box with ISA 04 and one WS03 box
(web edition) on the network which is a dedicated web server. We want to
host multiple public domains on this server. Each website has the ability to
have an SSL cert installed for that site. From what I've read in T.
Schinder's ISA Server 04 book about creating web site publishing rules and
SSL web site rules is that the SBS/ISA box has to have a copy of each Cert
installed which it basically (believe me I'm paraphrasing here) forwards to
the site once it picks up the host header information from the client. This
seems all good, but I am having trouble creating a NEW Listener for each
site because I get an error that says they can't have the same ports. So, do
I need to have each Listener set to a different port to work which matches
the SSL port set on the websites?
Thanks.
Hugh
"Javier Gomez [SBS MVP]" <javier_gomez@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:OFweEWj6FHA.3276@xxxxxxxxxxxxxxxxxxxxxxx
> What you want is not technically possible...
>
> This is not a limitation of SBS or Windows, but it's the way SSL certs
> work. Think about it... when you request a page on SSL even the headers
> are encrypted. This means that the secure connection must be established
> *before* you can even transmit which URL you are using. So, it's impossible
> for any webserver to answer with the correct SSL certificate when it
> doesn't know which URL you used in the first place.
>
> The only way to work around this is to use either different IP addresses
> or different ports (like Sharepoint uses SSL, but on 444). If you had
> multiple IPs then you could assign different SSL certs to each one
> (although I'm still not sure if IIS allows you to do this on the same
> website). With multiple IPs + ISA this would be fairly easy to do, without
> ISA it might be easy but I don't know.
>
> --
> Javier [SBS MVP]
> www.msmvps.com/javier
> << SBS ROCKS!!! >>
>
> "Fred Andreone" <FredAndreone@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:85083419-C9C5-40AB-8095-95C0636FD1EC@xxxxxxxxxxxxxxxx
>> The current SBS certificate generated by CEICW contains 1 public DNS name,
>> plus multiple private DNS names.
>>
>> Presently the SBS2k3 Standard SP1 EXSP2 2 nics and RV042 router is
>> responding to 5 Public DNS names successfully. Mail for the Public DNS
>> names is handled properly by Exchange.
>>
>> The only problem is that the certificates sent to web clients do not
>> confirm that the server DNS name is the same as the DNS name requested.
>>
>> Example the server Certificate is set by CEICW to
>> mycompamy.com
>>
>> All of the following requests indicate a certificate mismatch
>>
>> www.mycompany.com
>> mail.mycompany.com
>> mycompany.ca
>> www.mycompany.ca
>> mycompany.org
>> www.mycompany.org
>>
>> Unfortunately, CEICW does not allow the entry of multiple FQDN's. Editing
>> the VBS file generated by CEICW does not allow additional names to be
>> added.
>>
>> Creating a certificate with multiple FQDN's requests in Security Tab of
>> the web site then importing it into Certificate manager does not create
>> the right CN's.
>>
>> Can anyone explain how to create a self-registered certificate with
>> multiple FQDN's? This should be a fairly normal occurrence for small
>> business.
>>
>> Many thanks in advance
>> Fred
>>
>>
>
>
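
An added example, not part of the original thread: a Python check of which requested hostnames a certificate's name list (subject CN or subjectAltName entries) covers, using the hostnames from Fred's post. The certificate name lists and function names are constructed for illustration; wildcard handling follows the single-leftmost-label rule of RFC 6125.

```python
# Added example: which requested hostnames does a certificate's name list cover?
# All certificate name lists below are constructed for illustration.

def label_match(pattern: str, host: str) -> bool:
    """Match one certificate name against one hostname.

    A wildcard is honoured only as the entire leftmost label and
    stands for exactly one label (RFC 6125 style matching).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def mismatches(cert_names, requested):
    """Return the requested hostnames that no certificate name covers."""
    return [r for r in requested
            if not any(label_match(n, r) for n in cert_names)]


# Hostnames listed in the thread as producing a mismatch warning.
REQUESTED = [
    "www.mycompany.com", "mail.mycompany.com",
    "mycompany.ca", "www.mycompany.ca",
    "mycompany.org", "www.mycompany.org",
]

# Constructed: a certificate carrying only the single .com name.
SINGLE_NAME = ["mycompany.com"]

# Constructed: a subjectAltName list naming every public hostname.
MULTI_SAN = ["mycompany.com"] + REQUESTED

# Constructed: wildcards cover one label only, so bare domains still fail.
WILDCARDS = ["*.mycompany.com", "*.mycompany.ca", "*.mycompany.org"]

if __name__ == "__main__":
    for label, names in [("single name", SINGLE_NAME),
                         ("multi-SAN", MULTI_SAN),
                         ("wildcards", WILDCARDS)]:
        print(f"{label}: uncovered -> {mismatches(names, REQUESTED)}")
```

Running the check against a planned name list before requesting the certificate shows which public hostnames would still trigger a mismatch warning.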