Solved

IIS6 directing all https requests to the same site

Posted on 2010-09-13
3
454 Views
Last Modified: 2012-08-13
Hi Experts,

We have a server with 50 or so sites on. 1 of these has a SSL certificate installed.  We've just realised that if we browse to any of the host headers hosted on the server with https, the server is directing and serving up the one site that has SSL installed, even though the host headers being requested are not listed for this site in IIS.  IE complains that the cert does not match the domain name of the site but if you proceed, it loads the site that has the SSL installed!

Any help appreciated...
0
Comment
Question by:jammy-d0dger
  • 2
3 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 500 total points
ID: 33662682
Hi there,
This is standard behaviour. For almost all web hosts.
Typically with SSL you would.
A> Assign multiple IP address to a server and use 1 IP for a single SSL HTTP(s) Site.
B> use different SSL Ports on the server.
C> Use a wildcard SSL and assign SSL Host Headers
The issue here is that HTTPS and HTTP are protcols and since HTTPS is encrypted, IIS has no idea how to handle it.  So when a site is on SSL, the host header is encrypted and since all the data is encrypted, IIS has no idea which site to send the traffic to. At the same time, you are using the same IP on HTTP to host multiple other Sites. so what is happening is IIS is reponding to host entry but feeding your SSL Site content.
In our config, we use 1 IP / SSL Site and bind it to a SSL Host Header. This way there is no confusion. For all other HTTP Sites, We use Host headers as well, but they are on another IP.
Hope it helps,
Hades666
 
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33662729
So for SSL,
1. Configure you site to be assigned to 1 unique IP.
2. Configure your sites to use host headers for port 80 and 443.
3. Create a cert.
4. Assign the cert to the Site.
5.  Configure Secure Server Bindings
                cscript adsutil.vbs set /w3svc/<WEBSITE ID>/SecureBindings ":443:your.domain.com
Cheers,Hades666
0
 

Author Closing Comment

by:jammy-d0dger
ID: 33699874
Apologies for delay, forgot about this question.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question