Re: Certificate for SBS2003 for Multiple Public Domains REPOST



Hi Hugh:
You are right! Our situation is almost identical. I too have a separate Web
server taking care of Port 80. The only difference is that I do not have
ISA. I decided not to use it because its predecessor Proxy 2 was such a pain
to administer. I do remember ISA 2000 having multiple certificates.
Unfortunately I will not be able to help you and I hope Javier returns to
this post as he said he would.

Kind regards
Fred


"Hugh G. Johnson" wrote:

> Javier,
>
> I'm in the same situation. I have one SBS box with ISA 04 and one WS03 box
> (web edition) on the network which is a dedicated web server. We want to
> host multiple public domains on this server. Each website has the ability to
> have an SSL cert installed for that site. From what I've read in T.
> Schinder's ISA Server 04 book about creating web site publishing rules and
> SSL web site rules is that the SBS/ISA box has to have a copy of each Cert
> installed which it basically (believe me I'm paraphrasing here) forwards to
> the site once it picks up the host header information from the client. This
> seems all good, but I am having trouble creating a NEW Listener for each
> site because I get an error that says they can't have the same ports. So, do
> I need to have each Listener set to a different port to work which matches
> the SSL port set on the websites?
>
> Thanks.
>
> Hugh
>
> "Javier Gomez [SBS MVP]" <javier_gomez@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> message news:OFweEWj6FHA.3276@xxxxxxxxxxxxxxxxxxxxxxx
> > What you want is not technically possible...
> >
> > This is not a limitation of SBS or Windows, but it's the way SSL certs
> > work. Think about it... when you request a page on SSL even the headers
> > are encrypted. This means that the secure connection must be established
> > *before* you can even transmit which URL you are using. So, it's impossible
> > for any webserver to answer with the correct SSL certificate when it
> > doesn't know which URL you used in the first place.
> >
> > The only way to work around this is to use either different IP addresses
> > or different ports (like Sharepoint uses SSL, but on 444). If you had
> > multiple IPs then you could assign different SSL certs to each one
> > (although I'm still not sure if IIS allows you to do this on the same
> > website). With multiple IPs + ISA this would be fairly easy to do, without
> > ISA it might be easy but I don't know.
> >
> > --
> > Javier [SBS MVP]
> > www.msmvps.com/javier
> > << SBS ROCKS!!! >>
> >
> > "Fred Andreone" <FredAndreone@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:85083419-C9C5-40AB-8095-95C0636FD1EC@xxxxxxxxxxxxxxxx
> >> The current SBS certificate generated by CEICW contains 1 public DNS
> >> name, plus multiple private DNS names.
> >>
> >> Presently the SBS2k3 Standard SP1 EXSP2 2 nics and RV042 router is
> >> responding to 5 Public DNS names successfully. Mail for the Public DNS
> >> names is handled properly by Exchange.
> >>
> >> The only problem is that the certificates sent to web clients do not
> >> confirm that the server DNS name is the same as the DNS name requested.
> >>
> >> Example: the server Certificate is set by CEICW to
> >> mycompany.com
> >>
> >> All of the following requests indicate a certificate mismatch
> >>
> >> www.mycompany.com
> >> mail.mycompany.com
> >> mycompany.ca
> >> www.mycompany.ca
> >> mycompany.org
> >> www.mycompany.org
> >>
> >> Unfortunately, CEICW does not allow the entry of multiple FQDN's. Editing
> >> the VBS file generated by CEICW does not allow additional names to be
> >> added.
> >>
> >> Creating a certificate with multiple FQDN's requests in Security Tab of
> >> the web site then importing it into Certificate manager does not create
> >> the right CN's.
> >>
> >> Can anyone explain how to create a self-registered certificate with
> >> multiple FQDN's? This should be a fairly normal occurrence for small
> >> business.
> >>
> >> Many thanks in advance
> >> Fred
> >>
> >>
> >
> >
>
>
>
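Added example, not part of the original thread: a small Python check of which of the host names from the question a client would accept for a given certificate, using the usual matching rules (subjectAltName dNSName entries first, CN only as a fallback, wildcard only as the whole left-most label). The function names are hypothetical, the name lists are constructed from the thread, and the single-name case assumes the certificate's CN is mycompany.com.

```python
# Added illustration (not from the thread): hostname matching in the style of
# RFC 2818 / RFC 6125. All name lists below are constructed sample data.

def name_matches(pattern, host):
    """Compare one certificate name with the host name the client requested."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard covers exactly one label
    if p[0] == "*":
        # Accept "*" only as the whole left-most label with a real domain after it.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_matches(host, san_dns=(), common_name=None):
    """dNSName SAN entries take precedence; CN is used only if there are none."""
    names = list(san_dns) if san_dns else ([common_name] if common_name else [])
    return any(name_matches(n, host) for n in names)


def mismatches(hosts, san_dns=(), common_name=None):
    """Return the requested hosts for which a client would report a name mismatch."""
    return [h for h in hosts if not cert_matches(h, san_dns, common_name)]


# Host names quoted in the original question (constructed list, same order).
REQUESTED = [
    "mycompany.com", "www.mycompany.com", "mail.mycompany.com",
    "mycompany.ca", "www.mycompany.ca",
    "mycompany.org", "www.mycompany.org",
]

# Case 1: single-name certificate (assumed CN: mycompany.com, no SAN).
SINGLE = mismatches(REQUESTED, common_name="mycompany.com")
# Case 2: a wildcard helps only for one level under one domain.
WILDCARD = mismatches(REQUESTED, san_dns=["*.mycompany.com"])
# Case 3: every public name listed as a dNSName SAN entry.
FULL_SAN = mismatches(REQUESTED, san_dns=REQUESTED)

if __name__ == "__main__":
    for label, result in (("single CN", SINGLE), ("wildcard", WILDCARD),
                          ("full SAN", FULL_SAN)):
        print(f"{label:10} mismatches: {result or 'none'}")
```

The same function can be pointed at the name list of any candidate certificate before it is installed, to confirm that every public name resolves to a match.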