Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / IIS / IIS Security / March 2007

Tip: Looking for answers? Try searching our database.

Help with SSL on IIS with 2 domain names - Certifiate warning

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
gazlon@gmail.com - 16 Mar 2007 15:07 GMT
Hi,

I have installed a Thawte SSL and SGC certificate on my IIS server for
the following address:

www.heritageresp.com

We have also installed ISAPI_Rewrite to redirect our old address which
is pointing to the same box and has the same IP address:

www.heritagefunds.ca

When people goto the .ca site everything is fine but if the direcly
point to a secure page it comes up with the certifiate warning that
it's not the right domain name. (There is also a secure and non-secure
messaage but thats a different issue).

The following address will give you the certifiate warning and then
when you accept it will redirect to the proper site.

https://www.heritagefunds.ca/content/contest.asp

We want to change it so that it redirects before it check the security
on the page as its secure if you use the .com address.

Thanks for any help you may have!

Mike
Reply to this Message
David Wang - 17 Mar 2007 06:23 GMT
URL-rewriting is not going to solve anything when it comes to SSL
because it happens after SSL negotiation has already completed, so you
cannot affect the SSL Certificate, which is what the browser is
complaining about. The solution involves either the SSL Certificate or
additional IP addresses. Either:
1. Install a SSL Certificate which names both heritageresp.com and
heritagefunds.com
2. Purchase a second IP so that www.heritageresp.com and
heritagefunds.ca are on different IP (so that you can HTTPS client
redirect)

Otherwise, what you are asking for is not possible because it would be
a security vulnerability. You are asking if you can transparently
redirect people who typed https://www.goodguy.com to https://www.badguy.com
without any certificate warning, and that is clearly not a good
idea...

If you are running Windows Server 2003 SP1, I recommend using SSL Host
Headers with a SSL Certificate that names both heritageresp.com and
heritagefunds.com . That is the simplest solution because it's just
one SSL Certificate on Windows Server 2003 SP1 and you are done.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

On Mar 16, 7:07 am, gaz...@gmail.com wrote:
> Hi,
>
[quoted text clipped - 24 lines]
>
> Mike
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2010 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.