Solved

IIS6 directing all https requests to the same site

Posted on 2010-09-13
3
455 Views
Last Modified: 2012-08-13
Hi Experts,

We have a server with 50 or so sites on. 1 of these has a SSL certificate installed.  We've just realised that if we browse to any of the host headers hosted on the server with https, the server is directing and serving up the one site that has SSL installed, even though the host headers being requested are not listed for this site in IIS.  IE complains that the cert does not match the domain name of the site but if you proceed, it loads the site that has the SSL installed!

Any help appreciated...
0
Comment
Question by:jammy-d0dger
  • 2
3 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 500 total points
ID: 33662682
Hi there,
This is standard behaviour. For almost all web hosts.
Typically with SSL you would.
A> Assign multiple IP address to a server and use 1 IP for a single SSL HTTP(s) Site.
B> use different SSL Ports on the server.
C> Use a wildcard SSL and assign SSL Host Headers
The issue here is that HTTPS and HTTP are protcols and since HTTPS is encrypted, IIS has no idea how to handle it.  So when a site is on SSL, the host header is encrypted and since all the data is encrypted, IIS has no idea which site to send the traffic to. At the same time, you are using the same IP on HTTP to host multiple other Sites. so what is happening is IIS is reponding to host entry but feeding your SSL Site content.
In our config, we use 1 IP / SSL Site and bind it to a SSL Host Header. This way there is no confusion. For all other HTTP Sites, We use Host headers as well, but they are on another IP.
Hope it helps,
Hades666
 
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33662729
So for SSL,
1. Configure you site to be assigned to 1 unique IP.
2. Configure your sites to use host headers for port 80 and 443.
3. Create a cert.
4. Assign the cert to the Site.
5.  Configure Secure Server Bindings
                cscript adsutil.vbs set /w3svc/<WEBSITE ID>/SecureBindings ":443:your.domain.com
Cheers,Hades666
0
 

Author Closing Comment

by:jammy-d0dger
ID: 33699874
Apologies for delay, forgot about this question.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Redirect to HTTPS results in Infinite LOOP 4 136
Best secure sending email service 1 63
Hide http port number 5 51
Review of apps API SSL Cert policy 2 31
Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question