Re: SSL, IIS CF...
Jim,

Right now, I have only 2 IP Addresses available to use. 1 for the machine, and 1 for the site. Right now, I am using the machine's IP and the site's for the regular http site. I haven't dedicated one of those for the SSL key, which I could. Right now, when I click advanced, I only see port 80 attached to the site's IP. What would you recommend? I do have two IPs available to use.

So are you saying that I create a single site in the MMC and then create 2 virtual directories each having a different IP or are you saying to create 2 sites with each pointing to the same home directory but with different ports and different IPs bound to the same?

You are really helping me out here...I haven't messed with virtual hosting and leave most of the hosting side of things to those who know better...but in this case, I am the only one holding the bag. If you can be specific in what should go in the site parameters, the IP config for both the ports and sites, advanced properties and possible host header places, I think I might just be on my way...for the record, I guess I do have two IPs I can use, I can point the Key to either of them in the Key Manager and have nothing more to lose...hehe

Thanks a ton,
Brandon

----- Original Message -----
From: Jim McAtee [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Tuesday, May 29, 2001 12:24 AM
Subject: Re: SSL, IIS CF...

That sounds like the way I usually set it up. Under the virtual site's properties you have TCP port 80 and SSL port 443 specified. If you click 'Advanced' you should see both ports bound to their respective IP address or host header.

Are you using host headers (IPless domains) on your web server? If you're using host headers, remember that for SSL you need to have an IP address to which you bind the certificate. So, you could use host headers for the non-SSL (port 80) site, but you need an IP for SSL. Since you need a (dedicated) IP address for SSL on this site anyway, I'd just set up the http/port80 side using standard IP-based domain resolution as well and not use host headers at all for this particular virtual site.

Have you completed installation of the certificate in Key Manager and pointed it to the correct IP address?

Jim

~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: SSL, IIS CF...
Yes, it is definitely the code calling Web Trends Live that is messing up the SSL page. I am trying to trap for the existence of https: in a page request but cannot seem to find any CGI or request variable that will return whether or not a page request is requesting http or https. Has anyone run across this?

All I want to do is to not call the Web Trends Live code if the site requests an https page. That should solve my problem. Any help would be appreciated.

Cheers,
Brandon

----- Original Message -----
From: Jim McAtee [EMAIL PROTECTED]
To: Brandon Wood [EMAIL PROTECTED]
Sent: Tuesday, May 29, 2001 2:51 AM
Subject: Re: SSL, IIS CF...

Do you have stuff like <img src="http://www.someothersite.com"> on the page? That'll definitely cause stuff like this. I'm not familiar with the Web Trends Live code that you're talking about. Is this a java class or somesuch?

Jim

----- Original Message -----
From: Brandon Wood [EMAIL PROTECTED]
To: Jim McAtee [EMAIL PROTECTED]
Sent: Tuesday, May 29, 2001 1:42 AM
Subject: Re: SSL, IIS CF...

Jim,

Darn it, I bet the secure and nonsecure message is coming up due to the existence of Web Trends Live code I have on all of my pages. Hmm...any suggestions?

Cheers,
BW

----- Original Message -----
From: Jim McAtee [EMAIL PROTECTED]
To: Brandon Wood [EMAIL PROTECTED]
Sent: Tuesday, May 29, 2001 1:57 AM
Subject: Re: SSL, IIS CF...

Brandon,

Are you using IIS4 (NT4) or IIS5 (Windows 2000)? Just to let you know... my only experience is with IIS4. The following describes what I see in one of my sites with a certificate installed.

Select the virtual site and go to Properties (right click, then Properties, or click the finger/hand icon above). On the 'Web Site' tab, it shows the IP address, which I'd set up with the second of your two IP addresses. There's a box labeled 'TCP Port' which should have '80' in it. The 'SSL Port' box should have 443 in it. Clicking on the 'Advanced' button should show two areas, the above showing the port 80 configuration, the bottom one showing the port 443 config.

If the 'SSL Port' box on the 'Web Site' tab is greyed out, I believe it's because there's no certificate installed on the machine (not certain about this, however). Therefore, it may be necessary to correctly install the cert before doing the above.

Not sure where you are with the certificate, so excuse me if you already know this: Under key manager your certificate must be installed and bound to the IP address that you're going to use for SSL. Double check this. Installing the certificate is a two part deal. First you generate a certificate request, which you send off to Thawte, Verisign, etc. They issue you a certificate which you then install in key manager. You go back to the request in key manager and install it there. Only after you've installed the certificate (just a block of encrypted text) will the certificate be active.

Beyond the above, there shouldn't be anything you need to do with virtual directories or special directory permissions, etc. In fact, you probably don't want to mess with them unless for some other purpose. The entire site should be enabled for SSL. Which brings up some other issues. Once you get this far, I'll tell you about those.

Jim

----- Original Message -----
From: Brandon Wood [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Tuesday, May 29, 2001 12:24 AM
Subject: Re: SSL, IIS CF...

Jim,

Right now, I have only 2 IP Addresses available to use. 1 for the machine, and 1 for the site. Right now, I am using the machine's IP and the site's for the regular http site. I haven't dedicated one of those for the SSL key, which I could. Right now, when I click advanced, I only see port 80 attached to the site's IP. What would you recommend? I do have two IPs available to use.

So are you saying that I create a single site in the MMC and then create 2 virtual directories each having a different IP or are you saying to create 2 sites with each pointing to the same home directory but with different ports and different IPs bound to the same?

You are really helping me out here...I haven't messed with virtual hosting and leave most of the hosting side of things to those who know better...but in this case, I am the only one holding the bag. If you can be specific in what should go in the site parameters, the IP config for both the ports and sites, advanced properties and possible host header places, I think I might just be on my way...for the record, I guess I do have two IPs I can use, I can point the Key to either of them in the Key Manager and have nothing more to lose...hehe

Thanks a ton,
Brandon
Re: SSL, IIS CF...
Jim,

Yes, I got it to work... Here is the code I used to keep the Web Trends code from showing. I sure hope this helps people out who might be going through these problems themselves.

    <cfparam name="CGI.HTTPS" default="off">
    <cfif #CGI.HTTPS# IS "off">
        <cfinclude template="stats/Web_Trends_Live_Stats.cfm">
    </cfif>

Thanks a ton,
Brandon

P.S. BTW, what were some of the caveats you were going to mention once the SSL worked? I am curious to find out if they are ones I have already come across.

----- Original Message -----
From: Jim McAtee [EMAIL PROTECTED]
To: Brandon Wood [EMAIL PROTECTED]
Sent: Tuesday, May 29, 2001 2:22 PM
Subject: Re: SSL, IIS CF...

If you can turn CF debugging on you should see a cgi variable called HTTPS, with a value of on. Do something like:

    <cfparam name="CGI.HTTPS" default="off">
    ...
    <cfif not CGI.HTTPS>
        ... put your outside site references, Web Trends stuff, etc. here.
    </cfif>

Jim

----- Original Message -----
From: Brandon Wood [EMAIL PROTECTED]
To: Jim McAtee [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, May 29, 2001 12:23 PM
Subject: Re: SSL, IIS CF...

Yes, it is definitely the code calling Web Trends Live that is messing up the SSL page. I am trying to trap for the existence of https: in a page request but cannot seem to find any CGI or request variable that will return whether or not a page request is requesting http or https. Has anyone run across this?

All I want to do is to not call the Web Trends Live code if the site requests an https page. That should solve my problem. Any help would be appreciated.

Cheers,
Brandon
RE: SSL, IIS CF...
Two solutions:

If you don't care about tracking the secure pages, you can take advantage of the cgi.server_port_secure variable and include or exclude the web trends code accordingly.

Also, I know you can generate an https:// version of the web trends tag from the webtrendslive.com site under the customize your code section.

HTH
Bill

-----Original Message-----
From: Brandon Wood [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 29, 2001 11:23 AM
To: CF-Talk
Subject: Re: SSL, IIS CF...

Yes, it is definitely the code calling Web Trends Live that is messing up the SSL page. I am trying to trap for the existence of https: in a page request but cannot seem to find any CGI or request variable that will return whether or not a page request is requesting http or https. Has anyone run across this?

All I want to do is to not call the Web Trends Live code if the site requests an https page. That should solve my problem. Any help would be appreciated.

Cheers,
Brandon
Re: SSL, IIS CF...
IIS 4.0 sets a CGI variable called HTTPS that is set to either On or Off. I haven't done any testing with IIS 5.0 yet.

Kevin

[EMAIL PROTECTED] 05/29/01 11:23AM

Yes, it is definitely the code calling Web Trends Live that is messing up the SSL page. I am trying to trap for the existence of https: in a page request but cannot seem to find any CGI or request variable that will return whether or not a page request is requesting http or https. Has anyone run across this?

All I want to do is to not call the Web Trends Live code if the site requests an https page. That should solve my problem. Any help would be appreciated.

Cheers,
Brandon
Re: SSL, IIS CF...
You are so cool...I found the code generator and made a version for SSL. And now I use the following code to check which one to show:

    <cfparam name="CGI.HTTPS" default="off">
    <cfif #CGI.HTTPS# IS "off">
        <cfinclude template="stats/Web_Trends_Live_Stats.cfm">
    <cfelse>
        <cfinclude template="stats/Web_Trends_Live_Stats_SSL.cfm">
    </cfif>

Thanks for the advice...That really helped!

Cheers,
Brandon

----- Original Message -----
From: Bill Holloway [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Tuesday, May 29, 2001 3:53 PM
Subject: RE: SSL, IIS CF...

Two solutions:

If you don't care about tracking the secure pages, you can take advantage of the cgi.server_port_secure variable and include or exclude the web trends code accordingly.

Also, I know you can generate an https:// version of the web trends tag from the webtrendslive.com site under the customize your code section.

HTH
Bill
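The "secure and nonsecure" warning in this thread came from a tracking tag fetched over http:// on a page served over https. As an added example (not code from the thread or from WebTrends), this Python check lists such sub-resources in a page's HTML; the sample markup, the order.cfm page name and the stats.tracker.example host are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs whose URL the browser fetches or posts to as part of
# the page. Plain <a href> links are navigation only and are not flagged.
FETCHING_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("frame", "src"),
    ("embed", "src"), ("object", "data"), ("input", "src"),
    ("body", "background"), ("form", "action"),
}


class MixedContentFinder(HTMLParser):
    """Collects (line, tag, absolute_url) for every http:// sub-resource."""

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.base_url = page_url  # replaced if the page carries <base href>
        self.findings = []

    @staticmethod
    def _link_is_fetched(attrs):
        # <link> only triggers a fetch for some rel values (stylesheets, icons).
        rel = attrs.get("rel", "").lower().split()
        return "stylesheet" in rel or "icon" in rel

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "").strip() for name, value in attrs}
        if tag == "base" and attrs.get("href"):
            # A <base href="http://..."> silently downgrades every relative URL.
            self.base_url = urljoin(self.base_url, attrs["href"])
            return
        for name, value in attrs.items():
            fetched = (tag, name) in FETCHING_ATTRS or (
                tag == "link" and name == "href" and self._link_is_fetched(attrs))
            if not fetched or not value:
                continue
            # Relative and scheme-relative (//host/path) URLs inherit the
            # scheme of the base URL, so resolve before checking the scheme.
            absolute = urljoin(self.base_url, value)
            if urlsplit(absolute).scheme == "http":
                self.findings.append((self.getpos()[0], tag, absolute))


def find_mixed_content(html, page_url):
    """Return http:// sub-resources of a page that is served over https."""
    if urlsplit(page_url).scheme != "https":
        return []  # an http page cannot trigger the mixed-content warning
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: one hard-coded http:// tracker image and script,
# plus relative, scheme-relative and https references that must not be flagged.
SAMPLE_HTML = """<html><body>
<img src="images/logo.gif">
<img src="http://www.someothersite.com/hit.gif" width="1" height="1">
<script src="//stats.tracker.example/tag.js"></script>
<script src="http://stats.tracker.example/tag.js"></script>
<a href="http://www.mysite.com/about.cfm">About</a>
<link rel="stylesheet" href="https://www.mysite.com/site.css">
</body></html>"""

if __name__ == "__main__":
    page = "https://www.mysite.com/order.cfm"
    for line, tag, url in find_mixed_content(SAMPLE_HTML, page):
        print(f"line {line}: <{tag}> loads {url}")
```

Run against the rendered output of each template that will be served on port 443, this shows which includes need an https variant or a scheme-relative URL.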
SSL, IIS CF...
Hey all...

I am going to be a complete heel and ask a few questions about SSL to those who seem to work with it quite a bit in real world scenarios. I haven't had to implement an SSL-protected site or templates in some time and seem to be stumbling when trying to implement a strategy to begin.

My situation is this: I have written an entire site, including non-secure forms that collect and store user data and the like using CF and SQL Server. I am in the process of securing the pages using SSL but have been having problems getting started. Is there any way I can use a directory to house both secure and non-secure forms and call them merely using https instead of http? I am having the worst time in trying to get even a page to show up using IIS's directory security using an SSL key pointed to an IP using the secured directory. There always seems to either be a page not found error or an SSL protected page error.

Any help at all in getting any or all of these issues ironed out would be extremely useful, as I did not think it would take much time at all to roll out a secured version of the templates I had already written...which may be an extremely huge misguided thought.

Also, does anyone know of a GOOD repository of SSL, IIS, CF and setting these up in general? I have scoured the Microsoft site to no avail, and there is not much better info available from Allaire, it seems.

Thanks a ton for the vine...and any help you may send my way.

Cheers,
Brandon
Re: SSL, IIS CF...
Brandon,

Say your non-secure site is at www.mysite.com. Is your certificate issued for www.mysite.com or some other host name like secure.mysite.com? In IIS, have you set up two distinct virtual sites, or do you merely have both port 80 and port 443 enabled for a single virtual site?

I've found the easiest way to work with SSL is to simply have the cert issued for the standard domain name www.mysite.com. Then content can be served using either http or https.

Jim

----- Original Message -----
From: Brandon Wood [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Monday, May 28, 2001 9:49 PM
Subject: SSL, IIS CF...

Hey all...

I am going to be a complete heel and ask a few questions about SSL to those who seem to work with it quite a bit in real world scenarios. I haven't had to implement an SSL-protected site or templates in some time and seem to be stumbling when trying to implement a strategy to begin.

My situation is this: I have written an entire site, including non-secure forms that collect and store user data and the like using CF and SQL Server. I am in the process of securing the pages using SSL but have been having problems getting started. Is there any way I can use a directory to house both secure and non-secure forms and call them merely using https instead of http? I am having the worst time in trying to get even a page to show up using IIS's directory security using an SSL key pointed to an IP using the secured directory. There always seems to either be a page not found error or an SSL protected page error.

Any help at all in getting any or all of these issues ironed out would be extremely useful, as I did not think it would take much time at all to roll out a secured version of the templates I had already written...which may be an extremely huge misguided thought.

Also, does anyone know of a GOOD repository of SSL, IIS, CF and setting these up in general? I have scoured the Microsoft site to no avail, and there is not much better info available from Allaire, it seems.

Thanks a ton for the vine...and any help you may send my way.

Cheers,
Brandon
Re: SSL, IIS CF...
Jim,

I issued the cert under the standard www.mysite.com. I haven't set up two virtual sites using different ports. Is that the key? And if so, how can you set them up to both use the same dir?

I have tried to just use a single site with both ports open and that doesn't seem to work. Every time I try to connect to the https URL, I get a page not found error--for the same template I can call with no problem using the standard http request.

Thanks for your help, by the way. I think you are on the right track to getting me edumacated...or as Stan says, "You must no ssl sites good."

Cheers and clarification,
Brandon

----- Original Message -----
From: Jim McAtee [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Monday, May 28, 2001 11:29 PM
Subject: Re: SSL, IIS CF...

Brandon,

Say your non-secure site is at www.mysite.com. Is your certificate issued for www.mysite.com or some other host name like secure.mysite.com? In IIS, have you set up two distinct virtual sites, or do you merely have both port 80 and port 443 enabled for a single virtual site?

I've found the easiest way to work with SSL is to simply have the cert issued for the standard domain name www.mysite.com. Then content can be served using either http or https.

Jim
Re: SSL, IIS CF...
That sounds like the way I usually set it up. Under the virtual site's properties you have TCP port 80 and SSL port 443 specified. If you click 'Advanced' you should see both ports bound to their respective IP address or host header.

Are you using host headers (IPless domains) on your web server? If you're using host headers, remember that for SSL you need to have an IP address to which you bind the certificate. So, you could use host headers for the non-SSL (port 80) site, but you need an IP for SSL. Since you need a (dedicated) IP address for SSL on this site anyway, I'd just set up the http/port80 side using standard IP-based domain resolution as well and not use host headers at all for this particular virtual site.

Have you completed installation of the certificate in Key Manager and pointed it to the correct IP address?

Jim

----- Original Message -----
From: Brandon Wood [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Monday, May 28, 2001 11:03 PM
Subject: Re: SSL, IIS CF...

Jim,

I issued the cert under the standard www.mysite.com. I haven't set up two virtual sites using different ports. Is that the key? And if so, how can you set them up to both use the same dir?

I have tried to just use a single site with both ports open and that doesn't seem to work. Every time I try to connect to the https URL, I get a page not found error--for the same template I can call with no problem using the standard http request.

Thanks for your help, by the way. I think you are on the right track to getting me edumacated...or as Stan says, "You must no ssl sites good."

Cheers and clarification,
Brandon