Solved

IIS6 directing all https requests to the same site

Posted on 2010-09-13
3
458 Views
Last Modified: 2012-08-13
Hi Experts,

We have a server with 50 or so sites on. 1 of these has a SSL certificate installed.  We've just realised that if we browse to any of the host headers hosted on the server with https, the server is directing and serving up the one site that has SSL installed, even though the host headers being requested are not listed for this site in IIS.  IE complains that the cert does not match the domain name of the site but if you proceed, it loads the site that has the SSL installed!

Any help appreciated...
0
Comment
Question by:jammy-d0dger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 500 total points
ID: 33662682
Hi there,
This is standard behaviour. For almost all web hosts.
Typically with SSL you would.
A> Assign multiple IP address to a server and use 1 IP for a single SSL HTTP(s) Site.
B> use different SSL Ports on the server.
C> Use a wildcard SSL and assign SSL Host Headers
The issue here is that HTTPS and HTTP are protcols and since HTTPS is encrypted, IIS has no idea how to handle it.  So when a site is on SSL, the host header is encrypted and since all the data is encrypted, IIS has no idea which site to send the traffic to. At the same time, you are using the same IP on HTTP to host multiple other Sites. so what is happening is IIS is reponding to host entry but feeding your SSL Site content.
In our config, we use 1 IP / SSL Site and bind it to a SSL Host Header. This way there is no confusion. For all other HTTP Sites, We use Host headers as well, but they are on another IP.
Hope it helps,
Hades666
 
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33662729
So for SSL,
1. Configure you site to be assigned to 1 unique IP.
2. Configure your sites to use host headers for port 80 and 443.
3. Create a cert.
4. Assign the cert to the Site.
5.  Configure Secure Server Bindings
                cscript adsutil.vbs set /w3svc/<WEBSITE ID>/SecureBindings ":443:your.domain.com
Cheers,Hades666
0
 

Author Closing Comment

by:jammy-d0dger
ID: 33699874
Apologies for delay, forgot about this question.
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question