Re: SSL, IIS & CF...

Brandon Wood Tue, 29 May 2001 14:35:03 -0700
Jim,

Yes, I got it to work...

Here is the code I used to keep the Web Trends code from showing.  I sure
hope this helps people out who might be going through these problems
themselves.

<cfparam name="CGI.HTTPS" default="off">

<cfif #CGI.HTTPS# IS "off">
     <cfinclude template="stats/Web_Trends_Live_Stats.cfm">
</cfif>

Thanks a ton,
Brandon

P.S.
BTW, what were some of the caveats you were going to mention once the SSL
worked?  I am curious to find out if they are ones I have already come
across.



----- Original Message -----
From: "Jim McAtee" <[EMAIL PROTECTED]>
To: "Brandon Wood" <[EMAIL PROTECTED]>
Sent: Tuesday, May 29, 2001 2:22 PM
Subject: Re: SSL, IIS & CF...


> If you can turn CF debugging on you should see a cgi variable called
HTTPS,
> with a value of "on".  Do something like:
>
> <cfparam name="CGI.HTTPS" default="off">
>
> ...
>
> <cfif not CGI.HTTPS>
>   ... put your outside site references, Web Trends stuff, etc. here.
> </cfif>
>
>
> Jim
>
>
> ----- Original Message -----
> From: "Brandon Wood" <[EMAIL PROTECTED]>
> To: "Jim McAtee" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, May 29, 2001 12:23 PM
> Subject: Re: SSL, IIS & CF...
>
>
> > Yes, it is definitely the code calling Web Trends Live that is messing
up
> > the SSL page.  I am trying to trap for the existence of "https": in a
page
> > request but cannot seem to find any CGI or request variable that will
> return
> > whether or not a page request is requesting "http" or "https".  Has
anyone
> > run across this?
> >
> > All I want to do is to not call the Web Trends Live code if the site
> > requests an "https" page.  That should solve my problem.  Any help would
> be
> > appreciated.
> >
> > Cheers,
> > Brandon
> >
> > ----- Original Message -----
> > From: "Jim McAtee" <[EMAIL PROTECTED]>
> > To: "Brandon Wood" <[EMAIL PROTECTED]>
> > Sent: Tuesday, May 29, 2001 2:51 AM
> > Subject: Re: SSL, IIS & CF...
> >
> >
> > > Do you have stuff like <img src="http://www.someothersite.com";> on the
> > page?
> > > That'll definitely cause stuff like this.  I'm not familiar with the
Web
> > > Trends Live code that you're talking about.  Is this a java class or
> > > somesuch?
> > >
> > > Jim
> > >
> > >
> > > ----- Original Message -----
> > > From: "Brandon Wood" <[EMAIL PROTECTED]>
> > > To: "Jim McAtee" <[EMAIL PROTECTED]>
> > > Sent: Tuesday, May 29, 2001 1:42 AM
> > > Subject: Re: SSL, IIS & CF...
> > >
> > >
> > > > Jim,
> > > >
> > > > Darn it, I bet the "secure and nonsecure" message is coming up due
to
> > the
> > > > existence of Web Trends Live code I have on all of my pages.
> Hmm...any
> > > > suggestions?
> > > >
> > > > Cheers,
> > > > BW
> > > >
> > > > ----- Original Message -----
> > > > From: "Jim McAtee" <[EMAIL PROTECTED]>
> > > > To: "Brandon Wood"" <[EMAIL PROTECTED]>
> > > > Sent: Tuesday, May 29, 2001 1:57 AM
> > > > Subject: Re: SSL, IIS & CF...
> > > >
> > > >
> > > > > Brandon,
> > > > >
> > > > > Are you using IIS4 (NT4) or IIS5 (Windows 2000)?  Just to let you
> > > know...
> > > > my
> > > > > only experience is with IIS4.  The following describes what I see
in
> > one
> > > > of
> > > > > my sites with a certificate installed.
> > > > >
> > > > > Select the virtual site and go to "Properties" (right click, then
> > > > > Properties, or click the finger/hand icon above.  On the 'Web
Site'
> > tab,
> > > > it
> > > > > shows the IP address, which I'd setup with the second of your two
IP
> > > > > addresses.  There's a box labeled 'TCP Port' which should have
'80'
> in
> > > it.
> > > > > The 'SSL Port' box should have 443 in it.  Clicking on the
> 'Advanced'
> > > > button
> > > > > should show two areas, the above showing the port 80
configuration,
> > the
> > > > > bottom one showing the port 443 config.
> > > > >
> > > > > If the 'SSL Port' box on the 'Web Site' tab is greyed out, I
belive
> > it's
> > > > > because there's no certificate is installed on the machine (not
> > certain
> > > > > about this, however).  Therefore, it may be necessary to correctly
> > > install
> > > > > the cert before doing the above.
> > > > >
> > > > > Not sure where you are with the certificate, so excuse me if you
> > already
> > > > > know this: Under key manager your certificate must be installed
and
> > > bound
> > > > to
> > > > > the IP address that you're going to use for SSL.  Double check
this.
> > > > > Installing the certificate is a two part deal.  First you generate
a
> > > > > certificate request, which you send off to Thawte, Verisign, etc.
> > They
> > > > > issue you a certificate which you then install in key manager.
You
> go
> > > > back
> > > > > to the request in key manager and install it there.  Only after
> you've
> > > > > installed the certificate (just a block of encrypted text) will
the
> > > > > certificate be active.
> > > > >
> > > > > Beyond the above, there shouldn't be anything you need to do with
> > > virtual
> > > > > directories or special directory permissions, etc.  In fact, you
> > > probably
> > > > > don't want to mess with them unless for some other purpose.  The
> > entire
> > > > site
> > > > > should be enabled for SSL.
> > > > >
> > > > > Which brings up some other issues.  Once you get this far, I'll
tell
> > you
> > > > > about those.
> > > > >
> > > > > Jim
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Brandon Wood" <[EMAIL PROTECTED]>
> > > > > To: "CF-Talk" <[EMAIL PROTECTED]>
> > > > > Sent: Tuesday, May 29, 2001 12:24 AM
> > > > > Subject: Re: SSL, IIS & CF...
> > > > >
> > > > >
> > > > > > Jim,
> > > > > >
> > > > > > Right now, I have only 2 IP Addresses available to use.  1 for
the
> > > > > machine,
> > > > > > and 1 for the site.  Right now, I am using the machine's IP and
> the
> > > > site's
> > > > > > for the regular http site.  I haven't dedicated one of those for
> the
> > > SSL
> > > > > > key, which I could.
> > > > > >
> > > > > > Right now, when I click advanced, I only see port 80 attached to
> the
> > > > > site's
> > > > > > IP.  What dould you recommend?  I do have two IPs available to
> use.
> > > So
> > > > > are
> > > > > > you saying that I create a single site in the MMC and then
create
> 2
> > > > > virtual
> > > > > > directories each having a different IP or are you saying to
create
> 2
> > > > sites
> > > > > > with each pointing to the same home directory but with different
> > ports
> > > > and
> > > > > > different IPs bound to the same?
> > > > > >
> > > > > > You are really helping me out here...I haven't message with
> virtual
> > > > > hosting
> > > > > > and leave most of the hosting side of things to those who know
> > > > > better...but
> > > > > > in this case, I am the only one holding the bag.
> > > > > >
> > > > > > If you can be specific in what should go in the site parameters,
> the
> > > IP
> > > > > > config for both the ports and sites, advanced properties and
> > possible
> > > > host
> > > > > > header places, I think I might just be on my way...for the
record,
> I
> > > > guess
> > > > > I
> > > > > > do have two IPs I can use, I can point the Key to either of them
> in
> > > the
> > > > > Key
> > > > > > Manager and have nothing more to lose....hehe
> > > > > >
> > > > > > Thanks a ton,
> > > > > > Brandon
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Jim McAtee" <[EMAIL PROTECTED]>
> > > > > > To: "CF-Talk" <[EMAIL PROTECTED]>
> > > > > > Sent: Tuesday, May 29, 2001 12:24 AM
> > > > > > Subject: Re: SSL, IIS & CF...
> > > > > >
> > > > > >
> > > > > > > That sounds like the way I usually set it up.  Under the
virtual
> > > > site's
> > > > > > > properties you have TCP port 80 and SSL port 443 specified.
If
> > you
> > > > > click
> > > > > > > 'Advanced' you should see both ports bound to their respective
> IP
> > > > > address
> > > > > > or
> > > > > > > host header.
> > > > > > >
> > > > > > > Are you using host headers (IPless domains) on your web
server?
> > If
> > > > > you're
> > > > > > > using host headers, remember that for SSL you need to have an
IP
> > > > address
> > > > > > to
> > > > > > > which you bind the certificate.  So, you could use host
headers
> > for
> > > > the
> > > > > > > non-SSL (port 80) site, but you need an IP for SSL.  Since you
> > need
> > > a
> > > > > > > (dedicated) IP address for SSL on this site anyway, I'd just
set
> > up
> > > > the
> > > > > > > http/port80 side using standard IP-based domain resolution as
> well
> > > and
> > > > > not
> > > > > > > use host headers at all for this particular virtual site.
> > > > > > >
> > > > > > > Have you completed installation of the certificate in Key
> Manager
> > > and
> > > > > > > pointed it to the correct IP address?
> > > > > > >
> > > > > > > Jim
> > > > > > >
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Brandon Wood" <[EMAIL PROTECTED]>
> > > > > > > To: "CF-Talk" <[EMAIL PROTECTED]>
> > > > > > > Sent: Monday, May 28, 2001 11:03 PM
> > > > > > > Subject: Re: SSL, IIS & CF...
> > > > > > >
> > > > > > >
> > > > > > > > Jim,
> > > > > > > >
> > > > > > > > I issued the cert under the standard www.mysite.com.  I
> haven't
> > > set
> > > > up
> > > > > > two
> > > > > > > > virtual sites using different ports.  Is that the key?  And
if
> > so,
> > > > how
> > > > > > can
> > > > > > > > you set them up to both use the same dir?
> > > > > > > >
> > > > > > > > I have tried to just use a single site with both ports open
> and
> > > that
> > > > > > > doesn't
> > > > > > > > seem to work.  Every time I try to connect to the https URL,
I
> > get
> > > a
> > > > > > page
> > > > > > > > not found error--for the same template I can call with no
> > problem
> > > > > using
> > > > > > > the
> > > > > > > > standard http request.
> > > > > > > >
> > > > > > > > Thanks for your help, by the way.  I think you are on thr
> right
> > > > track
> > > > > to
> > > > > > > > getting me edumacated...or as Stan says, "You must no ssl
> sites
> > > > good."
> > > > > > > >
> > > > > > > > Cheers and clarification,
> > > > > > > > Brandon
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: SSL, IIS & CF...

Reply via email to
