RE: configuring ssl certificate in multiple website



Hello Customer,

Thank you for posting here.

According to your description, I understand that you have 2 websites and
you want to configure the other web site as an SSL site. If I have
misunderstood the problem, please don't hesitate to let me know.

We can perform the following steps to configure one SSL web site:

Step 1: Prepare certificate for this SSL web site
-----------------
If all your SSL web sites are accessed through only one FQDN, you can
prepare the certificate with CEICW.

1) IIS SSL Configuration Component

The IIS SSL configuration component will configure IIS to utilize SSL for
secure transactions between Web clients and the IIS server. This will allow
for encrypted authentication and sessions so that critical business data is
not being sent in cleartext over the wire.

This component will not be available as a general option and it will
automatically be configured for some websites if:

- The user selected to publish part or all of the Web Server in the Firewall
  component.
- The user selected the router single network adapter scenario in the
  Networking configuration component (since firewall is not configured in
  this scenario).

Also, if the user is switching to a modem scenario, and SSL has previously
been configured, then in this scenario the wizard will still not display
the component but will disable the SSL configuration (as if Disable SSL was
selected).

2) Enable SSL

In this case the component will configure the Default Web Site to utilize
SSL by using a certificate that either the component will create or the
user will provide.

If the user has chosen any options that enabled SSL and a certificate is
already in use, the UI will ask the user if he/she wants to use a new
certificate or simply use the existing one. If the user chooses to use the
existing one, then the UI will prompt the user to select "Don't touch."

Regardless of which certificate option the user chooses, this certificate
will then be installed to both the Default Web Site and the SharePoint Web
Site as the means to enabling SSL for those sites. In addition, the Default
Web Site will be configured to use the standard port 443 for SSL and the
SharePoint Web Site will be configured to use port 444 for SSL.

3) Create a certificate

If the user selects this option, the component will create a self-signed
certificate. The certificate will have the default expiration period (five
years). The certificate will use the user-provided Internet server name for
the SBS server. This value will then be stored in the InternetServerName
regkey for other components. IIS will then be configured to use this
certificate to create encrypted sessions with Web clients. The certificate
that the component creates will also have to be saved to
%sbsserver%\clientapps\SBScert\sbscert.cer so it will be available for
Client Setup to install on the client computers.

If a certificate already exists on the computer, the user will be prompted
to see if he/she wants to revoke or replace the existing certificate. If
not, then the user will be prompted to select "Do not change."


If your SSL web sites are accessed through different FQDNs, there is a KB
you can follow to create a certificate:

How to implement SSL in IIS
http://support.microsoft.com/kb/299875/en-us

Step 2: Enforce SSL Connections
-------------------
After the server certificate is installed, you can enforce SSL secure
channel communications with clients of the Web server. You need to enable
port 443 for secure communications with the Web site. To do this, follow
these steps:

1. From the Computer Management console, right-click the Web site on which
you want to enforce SSL and click Properties.

2. Click the Web Site tab. In the Web Site Identification section, verify
that the SSL Port field is populated with the numeric value 443.

3. Click Advanced. You should see two fields. The IP address and port of
the Web site should already be listed in the Multiple identities for this
web site field. Under the Multiple SSL Identities for this web site field,
click Add if port 443 is not already listed. Select the server's IP
address, and type the numeric value 443 in the SSL Port field. Click OK.

Now that port 443 is enabled, you can enforce SSL connections.

4. Click the Directory Security tab. In the Secure Communications section,
note that Edit is now available. Click Edit.

5. Select Require Secure Channel (SSL).

NOTE: If you specify 128-bit encryption, clients who use 40-bit or 56-bit
strength browsers will not be able to communicate with your site unless
they upgrade their encryption strength.

6. Open your browser and try to connect to your Web server by using the
standard http:// protocol. If SSL is being enforced, you receive the
following error message:

The page must be viewed over a secure channel
The page you are trying to view requires the use of "https" in the address.

Please try the following:
Try again by typing https:// at the beginning of the address you are
attempting to reach.
HTTP 403.4 - Forbidden: SSL required
Internet Information Services

Technical Information (for support personnel)
Background: This error indicates that the page you are trying to access is
secured with Secure Sockets Layer (SSL).

You can now connect to your Web site only by using the https:// protocol.

There is also a KB about this:

How to enable SSL for all customers who interact with your Web site in
Internet Information Services
http://support.microsoft.com/kb/298805/en-us

If you install ISA on your SBS server, you need to perform step 3.

Step 3: Publish SSL web site in ISA
-------------------
In ISA 2000
How to publish SSL Web sites by using server publishing
http://support.microsoft.com/kb/298900/en-us

In ISA 2004
How to publish an SSL Web site by using SSL tunneling in ISA Server 2004
http://support.microsoft.com/kb/837834/en-us

Hope these steps will give you some help. Please let me know the results so
that I can provide further assistance on this problem. I am looking forward
to your reply. Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: configuring ssl certificate in multiple website
| From: =?Utf-8?B?Y2h1bmt5?= <chunky@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: configuring ssl certificate in multiple website
| Date: Mon, 6 Nov 2006 16:16:02 -0800
| Newsgroups: microsoft.public.windows.server.sbs
|
| hi..
|
| i am hosting 2 websites on my sbs machine. and i am wondering if it's
| possible that my other website be configured with ssl. if yes, how and
| where should i start configuring it..
|
| thanks
| --
| chunky
|
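
The browser test in step 6 of Step 2 can also be run against the site's IIS log: requests on the non-SSL port should be refused with 403.4, never served. The following Python is an added example, not part of the original post or of any Microsoft tool; it assumes the site logs in W3C extended format with the s-port, sc-status and sc-substatus fields enabled, and the log lines, addresses and /orders paths are constructed.

```python
# Constructed sample of an IIS W3C extended log (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-11-07 09:00:00
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status sc-substatus
2006-11-07 09:00:01 192.0.2.10 GET /orders/default.aspx 80 198.51.100.7 403 4
2006-11-07 09:00:05 192.0.2.10 GET /orders/default.aspx 443 198.51.100.7 200 0
2006-11-07 09:01:12 192.0.2.10 GET /orders/login.aspx 80 198.51.100.9 200 0
2006-11-07 09:02:30 192.0.2.10 POST /orders/login.aspx 80 198.51.100.9 302 0
2006-11-07 09:03:00 192.0.2.10 GET /orders/missing.gif 80 198.51.100.9 404 0
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def audit_ssl_enforcement(text, ssl_port="443"):
    """Split non-SSL requests into (refused with 403.4, served in cleartext)."""
    refused, served = [], []
    for row in parse_w3c(text):
        if row.get("s-port") == ssl_port:
            continue  # arrived over SSL, nothing to check
        status = row.get("sc-status", "")
        if (status, row.get("sc-substatus")) == ("403", "4"):
            refused.append(row)  # the "SSL required" refusal from step 6
        elif status.startswith(("2", "3")):
            served.append(row)  # answered without SSL: enforcement gap
        # other statuses (404, 401, ...) are treated as inconclusive
    return refused, served


if __name__ == "__main__":
    refused, served = audit_ssl_enforcement(SAMPLE_LOG)
    print("refused with 403.4:", len(refused))
    for row in served:
        print("served without SSL:", row["cs-method"], row["cs-uri-stem"],
              "port", row["s-port"], "status", row["sc-status"])
```

Any entry in the second list points to a path where Require Secure Channel (SSL) is not set, for example a virtual directory that does not carry the setting.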
