?
Solved

IIS6 directing all https requests to the same site

Posted on 2010-09-13
3
Medium Priority
?
459 Views
Last Modified: 2012-08-13
Hi Experts,

We have a server with 50 or so sites on. 1 of these has a SSL certificate installed.  We've just realised that if we browse to any of the host headers hosted on the server with https, the server is directing and serving up the one site that has SSL installed, even though the host headers being requested are not listed for this site in IIS.  IE complains that the cert does not match the domain name of the site but if you proceed, it loads the site that has the SSL installed!

Any help appreciated...
0
Comment
Question by:jammy-d0dger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 30

Accepted Solution

by:
Brad Howe earned 2000 total points
ID: 33662682
Hi there,
This is standard behaviour. For almost all web hosts.
Typically with SSL you would.
A> Assign multiple IP address to a server and use 1 IP for a single SSL HTTP(s) Site.
B> use different SSL Ports on the server.
C> Use a wildcard SSL and assign SSL Host Headers
The issue here is that HTTPS and HTTP are protcols and since HTTPS is encrypted, IIS has no idea how to handle it.  So when a site is on SSL, the host header is encrypted and since all the data is encrypted, IIS has no idea which site to send the traffic to. At the same time, you are using the same IP on HTTP to host multiple other Sites. so what is happening is IIS is reponding to host entry but feeding your SSL Site content.
In our config, we use 1 IP / SSL Site and bind it to a SSL Host Header. This way there is no confusion. For all other HTTP Sites, We use Host headers as well, but they are on another IP.
Hope it helps,
Hades666
 
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33662729
So for SSL,
1. Configure you site to be assigned to 1 unique IP.
2. Configure your sites to use host headers for port 80 and 443.
3. Create a cert.
4. Assign the cert to the Site.
5.  Configure Secure Server Bindings
                cscript adsutil.vbs set /w3svc/<WEBSITE ID>/SecureBindings ":443:your.domain.com
Cheers,Hades666
0
 

Author Closing Comment

by:jammy-d0dger
ID: 33699874
Apologies for delay, forgot about this question.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you need a certificate so you can offer SSL encryption.  But which one should you get?  There are so many choices out there! Here is a generic overview of the main types of SSL certificates sold by the majority of commercial Certification Auth…
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question