RE: problems with SSL and host-headers
pretty much correct. in IIS, you cannot use host headers to differentiate sites AND use an SSL cert on those sites. the request is encrypted (obviously, it's SSL), and IIS can't see the encrypted host header to know which site to send it to (and which SSL cert to use to decrypt it). -Original Message- From: cf-talk [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 27, 2002 5:16 PM To: CF-Talk Subject: OT: problems with SSL and host-headers Hi list, I have a CF-shared box with one IP-adress. I would like to do the following: Having access to https://subdomain.domain.com:443 I have a valid certificate for this subdomain from Thawte but when I try to connect to that URL I get an error, that there is no such server. I am sure it has s.th. to do with host-headers. Someone else told me, that you can only run one certificate with one port (e.g. 443) on the same IP using host-headers (HTTP 1.1) Can s.o. verify this ? Thanks Uwe __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: problems with SSL and host-headers
They were correct. Since IIS can't see the header, your request is going to be sent directly to port 443, which is most likely listened to by the default or admin virtual domain.. \ However, this is possible. I have done this in the past using the undefined ports starting at 28000. If you set your SSL port to 28000 for that virtual domain, this should work. You just have to remember to code all your links to point to the correct port. - Original Message - From: Christopher Olive [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Monday, July 29, 2002 9:28 AM Subject: RE: problems with SSL and host-headers pretty much correct. in IIS, you cannot use host headers to differentiate sites AND use an SSL cert on those sites. the request is encrypted (obviously, it's SSL), and IIS can't see the encrypted host header to know which site to send it to (and which SSL cert to use to decrypt it). -Original Message- From: cf-talk [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 27, 2002 5:16 PM To: CF-Talk Subject: OT: problems with SSL and host-headers Hi list, I have a CF-shared box with one IP-adress. I would like to do the following: Having access to https://subdomain.domain.com:443 I have a valid certificate for this subdomain from Thawte but when I try to connect to that URL I get an error, that there is no such server. I am sure it has s.th. to do with host-headers. Someone else told me, that you can only run one certificate with one port (e.g. 443) on the same IP using host-headers (HTTP 1.1) Can s.o. verify this ? Thanks Uwe __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: problems with SSL and host-headers
right. this changes the one of three rule for site identification in IIS. three things identify a virtual site in IIS: 1) IP address. 2) Port number. 3) Host header. change at least one of the three, and you have a different site in IIS. SSL will not work, however, if you're using host headers as your one of three. chris -Original Message- From: WebMaster [mailto:[EMAIL PROTECTED]] Sent: Monday, July 29, 2002 9:37 AM To: CF-Talk Subject: Re: problems with SSL and host-headers They were correct. Since IIS can't see the header, your request is going to be sent directly to port 443, which is most likely listened to by the default or admin virtual domain.. \ However, this is possible. I have done this in the past using the undefined ports starting at 28000. If you set your SSL port to 28000 for that virtual domain, this should work. You just have to remember to code all your links to point to the correct port. - Original Message - From: Christopher Olive [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Monday, July 29, 2002 9:28 AM Subject: RE: problems with SSL and host-headers pretty much correct. in IIS, you cannot use host headers to differentiate sites AND use an SSL cert on those sites. the request is encrypted (obviously, it's SSL), and IIS can't see the encrypted host header to know which site to send it to (and which SSL cert to use to decrypt it). -Original Message- From: cf-talk [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 27, 2002 5:16 PM To: CF-Talk Subject: OT: problems with SSL and host-headers Hi list, I have a CF-shared box with one IP-adress. I would like to do the following: Having access to https://subdomain.domain.com:443 I have a valid certificate for this subdomain from Thawte but when I try to connect to that URL I get an error, that there is no such server. I am sure it has s.th. to do with host-headers. Someone else told me, that you can only run one certificate with one port (e.g. 443) on the same IP using host-headers (HTTP 1.1) Can s.o. verify this ? Thanks Uwe __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: problems with SSL and host-headers
Or you have to run SSL on different ports; 443 for one and a different port for the other. AFAIK, you need to have a dedicated IP for each site you want to use SSL on. __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: problems with SSL and host-headers
AFAIK, you need to have a dedicated IP for each site you want to use SSL on. This was discussed awhile back on the list. I'm sure you can find more info if you search the archives. HTH, chris -Original Message- From: cf-talk [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 27, 2002 2:16 PM To: CF-Talk Subject: OT: problems with SSL and host-headers Hi list, I have a CF-shared box with one IP-adress. I would like to do the following: Having access to https://subdomain.domain.com:443 I have a valid certificate for this subdomain from Thawte but when I try to connect to that URL I get an error, that there is no such server. I am sure it has s.th. to do with host-headers. Someone else told me, that you can only run one certificate with one port (e.g. 443) on the same IP using host-headers (HTTP 1.1) Can s.o. verify this ? Thanks Uwe __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists