Re: [OT] Comodo EV SSL

2017-07-11 Thread Greg Keogh 
>
> Do a “ping” and verify the hostnames are resolving to the correct IP.
>
> Then hit each http:// and https:// hostname in turn.
>

You've led me to the answer!

I can ping the domain with and without www. IIS is never reached for http
requests as nothing is logged for them.

I didn't ask my cat this time, I sat back and looked around, and I noticed
the D-Link switch hanging on the wall. What if it wasn't forwarding port
80!! ... *And it wasn't* (and it hasn't for a few years, just 443).

Bingo, now the http-to-https redirect is hit and it's all working as I
hoped.

Thanks everyone for your help. I think this problem is caused by wearing
too many hats. I code for 6 hours straight and then try to do something
completely unrelated which I haven't touched for a year. Modern software
development is like maintaining a working atomic clock in your spare time.

*GK*

Re: [OT] Comodo EV SSL

2017-07-11 Thread Greg Keogh 
>
> Do you have more than one site hosted on your IIS server?
>

Not for the last year.

If not, just remove all the Host header values – you only need an IP + Port
> binding – one for HTTP and one for HTTPS
>

Drats! I tried a some combinations along the lines of your suggestion, but
no change in the problem. I did however find that I had superfluous binding
entries that I've removed.

*GK*

RE: [OT] Comodo EV SSL

2017-07-11 Thread Ken Schaefer 
Do you have more than one site hosted on your IIS server?

If not, just remove all the Host header values – you only need an IP + Port 
binding – one for HTTP and one for HTTPS

From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On 
Behalf Of Greg Keogh
Sent: Wednesday, 12 July 2017 6:03 AM
To: ozDotNet <ozdotnet@ozdotnet.com>
Subject: Re: [OT] Comodo EV SSL

fwiw i usually redirect http to https

I had another bash at this with a fresh mind after reading various articles. I 
have 2 pairs of site bindings for http and https (www prefix and without). My 
DNS points both www and without to my IP. I added a redirect rule based upon 
this 
one<https://docs.microsoft.com/en-au/azure/app-service-web/app-service-web-tutorial-custom-ssl>,
 but there are many other samples that are nearly identical and I tried a few 
combinations.

All I get is "Can't reach this page" with detail INET_E_RESOURCE_NOT_FOUND. 
This hints it's a DNS problem, but where?!

GK

Re: [OT] Comodo EV SSL

2017-07-11 Thread Greg Keogh 
I have Url Rewrite working nicely for other rules. I pasted yours at the
top verbatim and it makes no difference. So there is some external problem
(DNS I'm guessing) that's causing the "Can't reach this page". My DNS
records are hosted at VentraIP and in their management page the two A
records look basic and correct -- *Greg K*

On 12 July 2017 at 09:28, Wallace Turner  wrote:

> do u have url rewrite [1] installed on IIS ?
> additionally here is my rewrite rule
>
>
> 
> 
>   
> 
> 
>   
>   
> 
>   
>   https://{HTTP_HOST}{REQUEST_URI};
> redirectType="Permanent" appendQueryString="false" />
> 
>   
> 
>   
>
>
> [1]: https://www.iis.net/downloads/microsoft/url-rewrite
>
>
> On Wed, Jul 12, 2017 at 4:03 AM, Greg Keogh  wrote:
>
>> fwiw i usually redirect http to https
>>>
>>
>> I had another bash at this with a fresh mind after reading various
>> articles. I have 2 pairs of site bindings for http and https (www prefix
>> and without). My DNS points both www and without to my IP. I added a
>> redirect rule based upon this one
>> ,
>> but there are many other samples that are nearly identical and I tried a
>> few combinations.
>>
>> All I get is "Can't reach this page" with detail
>> INET_E_RESOURCE_NOT_FOUND. This hints it's a DNS problem, but where?!
>>
>> *GK*
>>
>
>

Re: [OT] Comodo EV SSL

2017-07-11 Thread Wallace Turner 
do u have url rewrite [1] installed on IIS ?
additionally here is my rewrite rule




  


  
  

  
  https://{HTTP_HOST}{REQUEST_URI};
redirectType="Permanent" appendQueryString="false" />

  

  


[1]: https://www.iis.net/downloads/microsoft/url-rewrite


On Wed, Jul 12, 2017 at 4:03 AM, Greg Keogh  wrote:

> fwiw i usually redirect http to https
>>
>
> I had another bash at this with a fresh mind after reading various
> articles. I have 2 pairs of site bindings for http and https (www prefix
> and without). My DNS points both www and without to my IP. I added a
> redirect rule based upon this one
> ,
> but there are many other samples that are nearly identical and I tried a
> few combinations.
>
> All I get is "Can't reach this page" with detail
> INET_E_RESOURCE_NOT_FOUND. This hints it's a DNS problem, but where?!
>
> *GK*
>

Re: [OT] Comodo EV SSL

2017-07-11 Thread Greg Keogh 
>
> fwiw i usually redirect http to https
>

I had another bash at this with a fresh mind after reading various
articles. I have 2 pairs of site bindings for http and https (www prefix
and without). My DNS points both www and without to my IP. I added a
redirect rule based upon this one
,
but there are many other samples that are nearly identical and I tried a
few combinations.

All I get is "Can't reach this page" with detail INET_E_RESOURCE_NOT_FOUND.
This hints it's a DNS problem, but where?!

*GK*

Re: [OT] Comodo EV SSL

2017-07-11 Thread Wallace Turner 
you run an executable (built for windows or linux) as a scheduled task/cron
daily or however often...
as for http and https its a cinch eh? just add a binding for both?
fwiw i usually redirect http to https

[image: Inline image 1]

On Tue, Jul 11, 2017 at 2:41 PM, Greg Keogh  wrote:

> Ah, you can automate the process by running an "agent" (a service?) on
> your server. I see Comodo also offer a free 90 day certificate. This could
> be a weekend project to apply to my personal domain.
>
> As a side issue ... last time I tried to get IIS on 2012 to allow both
> http and https to the same domain it went haywire in incomprehensible ways
> and I reverted back to https only. I presume there was some simple trick I
> missed despite the searches for help. I'll have to battle that problem
> again as I'd want both working on my hobby site.
>
> *GK*
>
> On 11 July 2017 at 15:34, Wallace Turner  wrote:
>
>> >It's a shame they only last 90 days
>>
>> that *is* the feature - you set up your server to auto-renew the cert
>> (every 60 days so if theres a problem you have 30 more to sort)
>> so right now on my server i have a scheduled task that checks every day
>> for a renewal.
>>
>> read more here:
>> https://letsencrypt.org/2015/11/09/why-90-days.html
>> i like point 2)
>> >They encourage automation
>>
>> On Tue, Jul 11, 2017 at 11:23 AM, Greg Keogh  wrote:
>>
>>> is free cheap enough ?
 https://letsencrypt.org/

 b4 you bag it out read the faq
 https://letsencrypt.org/docs/faq/

>>>
>>> Quite surprising! It's a shame they only last 90 days
>>>
>>> I eventually got the truth out of one of the Comodo sales people that
>>> the cheapest EV cert was a "Positive EV SSL" (whatever the hell that is in
>>> their overly large product range). Cost $US149/year, which was within my
>>> tolerance limits. So it's in an running.
>>>
>>>  -- *GK*
>>>
>>
>>
>

Re: [OT] Comodo EV SSL

2017-07-11 Thread Greg Keogh 
Ah, you can automate the process by running an "agent" (a service?) on your
server. I see Comodo also offer a free 90 day certificate. This could be a
weekend project to apply to my personal domain.

As a side issue ... last time I tried to get IIS on 2012 to allow both http
and https to the same domain it went haywire in incomprehensible ways and I
reverted back to https only. I presume there was some simple trick I missed
despite the searches for help. I'll have to battle that problem again as
I'd want both working on my hobby site.

*GK*

On 11 July 2017 at 15:34, Wallace Turner  wrote:

> >It's a shame they only last 90 days
>
> that *is* the feature - you set up your server to auto-renew the cert
> (every 60 days so if theres a problem you have 30 more to sort)
> so right now on my server i have a scheduled task that checks every day
> for a renewal.
>
> read more here:
> https://letsencrypt.org/2015/11/09/why-90-days.html
> i like point 2)
> >They encourage automation
>
> On Tue, Jul 11, 2017 at 11:23 AM, Greg Keogh  wrote:
>
>> is free cheap enough ?
>>> https://letsencrypt.org/
>>>
>>> b4 you bag it out read the faq
>>> https://letsencrypt.org/docs/faq/
>>>
>>
>> Quite surprising! It's a shame they only last 90 days
>>
>> I eventually got the truth out of one of the Comodo sales people that the
>> cheapest EV cert was a "Positive EV SSL" (whatever the hell that is in
>> their overly large product range). Cost $US149/year, which was within my
>> tolerance limits. So it's in an running.
>>
>>  -- *GK*
>>
>
>

Re: [OT] Comodo EV SSL

2017-07-10 Thread Wallace Turner 
>It's a shame they only last 90 days

that *is* the feature - you set up your server to auto-renew the cert
(every 60 days so if theres a problem you have 30 more to sort)
so right now on my server i have a scheduled task that checks every day for
a renewal.

read more here:
https://letsencrypt.org/2015/11/09/why-90-days.html
i like point 2)
>They encourage automation

On Tue, Jul 11, 2017 at 11:23 AM, Greg Keogh  wrote:

> is free cheap enough ?
>> https://letsencrypt.org/
>>
>> b4 you bag it out read the faq
>> https://letsencrypt.org/docs/faq/
>>
>
> Quite surprising! It's a shame they only last 90 days
>
> I eventually got the truth out of one of the Comodo sales people that the
> cheapest EV cert was a "Positive EV SSL" (whatever the hell that is in
> their overly large product range). Cost $US149/year, which was within my
> tolerance limits. So it's in an running.
>
>  -- *GK*
>

Re: [OT] Comodo EV SSL

2017-07-10 Thread Greg Keogh 
>
> is free cheap enough ?
> https://letsencrypt.org/
>
> b4 you bag it out read the faq
> https://letsencrypt.org/docs/faq/
>

Quite surprising! It's a shame they only last 90 days

I eventually got the truth out of one of the Comodo sales people that the
cheapest EV cert was a "Positive EV SSL" (whatever the hell that is in
their overly large product range). Cost $US149/year, which was within my
tolerance limits. So it's in an running.

 -- *GK*

Re: [OT] Comodo EV SSL

2017-07-10 Thread Wallace Turner 
is free cheap enough ?
https://letsencrypt.org/

b4 you bag it out read the faq
https://letsencrypt.org/docs/faq/



On Fri, Jun 23, 2017 at 6:22 AM, Greg Keogh  wrote:

> Why are you using an EV cert?
>>
>
> Because it looks pretty and creates a nice impression.
>
> I could downgrade to a cheaper non-EV option, which is my backup plan. I
> see on their website there's a $117.51 EV option which the sales person
> never mentioned. Typical product and price confusion.
>
> *GK*
>

Re: [OT] Comodo EV SSL

2017-06-22 Thread David Connors 
Why are you using an EV cert?

On Fri, 23 Jun 2017 at 07:55 Greg Keogh  wrote:

> Folks, I was about to renew a 3rd year of my Comodo EV SSL
>  cert, but
> the $US99/year price in previous years has jumped to $249. A sales person
> confusingly told me the "standard price" is $449 and the "current price" is
> $249. More confusingly their web site lists a single-domain EV SSL cert for
> $117.51 (which is in my tolerance range).
>
> So while I argue with Comodo over their prices, I was wondering if anyone
> in here has tips on where to get good value certs.
>
> *Greg K*
>
>
> --
David Connors
da...@connors.com | @davidconnors | LinkedIn | +61 417 189 363