Subject: RE: SSL Certificates
I've been looking around on Google for some info on making a
self-signed cert, but haven't found anything that makes sense.
Is there some software or something built into IIS 5 that
allows me to make self-signed certs? MakeCert.exe?
There's nothing built into IIS
-Original Message-
From: Eric Roberts
To: CF-Talk
Sent: Tue Aug 08 05:59:02 2006
Subject: RE: SSL Certificates
Download OpenSSL and follow the directions to make a self signed one. It's
a real PIA. We had to do one for a dev server that had secure content. It
was not fun.
Eric
-Original
that the
site was secure to start with.
However, for the sites that do use SSL, it works fine.
M!ke
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 10:02 PM
To: CF-Talk
Subject: RE: SSL Certificates
I can upgrade to Windows Server 2003 R2, Web Edition
: RE: SSL Certificates
I see. That would only work if your sites were within the same domain,
however.
Are you certain about that, Dave? I didn't see anything in the text
that would indicate all the sites had to be part of the same domain...I
know wildcard certs seem to work that way now
AM
To: CF-Talk
Subject: RE: SSL Certificates
Download OpenSSL and follow the directions to make a self signed one. It's
a real PIA. We had to do one for a dev server that had secure content. It
was not fun.
Eric
purchased and installed a cert for a single domain, but it's
not working because of the IIS 5 / SSL / Host Header issue...
Rick
-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 1:40 AM
To: CF-Talk
Subject: Re: SSL Certificates
It's
To: CF-Talk
Subject: RE: SSL Certificates
I would agree with Dave that a wildcard works for only one domain.
Ours, basically, is *.evansville.edu. As long as we host any
...evansville.edu site, we can secure it. If we add another domain, such as
newdomain.edu, we would need to purchase another
at http://www.reedexpo.com
-Original Message-
From: Rick Faircloth
To: CF-Talk
Sent: Tue Aug 08 12:39:02 2006
Subject: RE: SSL Certificates
Hi, Neil...thanks for the offer!
If I get stuck, I'll take you up on it!
Here's a question, however...since IIS 5 can't use SSL with host headers
So...is the final answer to our discussion that I can use
regular (not wildcard certs) for a single domain on Win 2003
Server using host headers, but I have to purchase an
individual cert for each domain? (Regular certs are cheap
and I can pass that on to each client without any
MS gives some fairly straightforward instructions about how
to set up SSL on IIS 5 using Certificate Server 2.0. Would
this produce the same thing as OpenSSL?
Yes, in that it will allow you to generate a certificate. However,
Certificate Server is intended for people who want to generate
Here's the link in case anyone wanted to look at the MS
instructions for using Certificate Server:
http://support.microsoft.com/kb/299525/EN-US/
Looks like a self-signed cert...
No, not exactly. When you use Certificate Server, you generate certificates
that are signed by the root
turn out to be so
complicated. :oP
Rick
-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 7:57 AM
To: CF-Talk
Subject: Re: SSL Certificates
Well we get around that problem by redirecting everyone to a single
secure.x.com.
That way
Sorry...I'm sure I'm not understanding...
Instead of having everyone answer individual questions about how
certificates and host headers work, can you provide a non-technical
description of what, exactly, you want to accomplish? Think of it as a
requirements document, if you like. Emphasis
at this point is to have a separate IP and
hardware/software server for every domain that needs SSL!
Rick
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 8:26 AM
To: CF-Talk
Subject: RE: SSL Certificates
So...is the final answer to our discussion
transmission
secured. Is there another technology I should explore besides a cert for
this?
Rick
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 8:30 AM
To: CF-Talk
Subject: RE: SSL Certificates
Here's the link in case anyone wanted to look
, August 08, 2006 8:26 AM
To: CF-Talk
Subject: RE: SSL Certificates
This is exactly what we do. We have one secure domain
.secure.blahblah.com and the moment you go from say www.foo.com or
www.gnu.com to a secure location you get redirected to secure.blahblah.com.
So, all secure requests go
Right, the secure domain is on its own IP - this is normal practice.
-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: 08 August 2006 14:06
To: CF-Talk
Subject: RE: SSL Certificates
We have one secure domain secure.blahblah.com
But that secure domain isn't
sites! :o)
Rick
-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 8:57 AM
To: CF-Talk
Subject: RE: SSL Certificates
Right, the secure domain is on its own IP - this is normal practice.
-Original Message-
From: Rick
So, then, what you're saying is there's no way to accomplish
what I'm trying to do...host multiple domains via host
headers and use SSL for only 1 or more sites...right?
Right.
If so, how do hosting companies deal with securing some sites
on a server, but not others?
The only
Current hosting setup:
- Windows 2000 Server, IIS 5.0
- Hosting multiple websites via Host Headers
Need:
- I have a client whose non-public web application is hosted on
my server and needs to secure transmission of data between the
browser using the app and my server
How best
, August 08, 2006 10:11 AM
To: CF-Talk
Subject: RE: SSL Certificates
So, then, what you're saying is there's no way to accomplish what I'm
trying to do...host multiple domains via host headers and use SSL for
only 1 or more sites...right?
Right.
If so, how do hosting companies deal
? (All on the same hardware and software as the non-SSL
host header
sites?)
Rick
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 10:13 AM
To: CF-Talk
Subject: RE: SSL Certificates
Current hosting setup:
- Windows 2000 Server, IIS 5.0
and they want to go back they switch back to www.foo.com
and all is good.
N
-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: 08 August 2006 15:04
To: CF-Talk
Subject: RE: SSL Certificates
But what does the secure.blahblah.com site/domain do for
the traffic
PROTECTED]
Sent: 08 August 2006 15:04
To: CF-Talk
Subject: RE: SSL Certificates
But what does the secure.blahblah.com site/domain do for
the traffic that is routed to it? Just encrypt data sent to it
from the other sites? In your example, what would secure.blahblah.com
do for traffic sent to it from
So, I can host non-SSL sites with host headers on the same
IP, but would need a separate IP for any site that requires
an SSL Cert.
Yes. If you wanted to have a bunch of hostnames pointing to this IP, that
would work fine, since you don't care whether the hostname matches what's in
the
So just get a separate IP and put that site on it without
host headers and apply the cert and I'm in business? (All on
the same hardware and software as the non-SSL host header
sites?)
Yes.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest
hosting vs multiple site hosting...seems to be where the rub
is...
Rick
-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 10:23 AM
To: CF-Talk
Subject: RE: SSL Certificates
Yes, for us it is payments. We have 3 web servers, load
Gotcha...thanks, Neil.
-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 10:24 AM
To: CF-Talk
Subject: RE: SSL Certificates
To add, the user effectively sees exactly the same site as they would do
under www.foo.com; all
Great!
Thanks for all the help, Dave, et al!
Rick
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
leaf.com]
Sent: Tuesday, August 08, 2006 10:51 AM
To: CF-Talk
Subject: RE: SSL Certificates
So just get a separate IP and put that site on it without host headers
?
And, SSL traffic would be light, at least at first (hope this is an app
and service I can sell...) so I shouldn't need any SSL hardware
acceleration.
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 10:50 AM
To: CF-Talk
Subject: RE: SSL
PROTECTED]
Sent: Tuesday, August 08, 2006 10:24 AM
To: CF-Talk
Subject: RE: SSL Certificates
Great!
Thanks for all the help, Dave, et al!
Rick
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
leaf.com]
Sent: Tuesday, August 08, 2006 10:51 AM
To: CF-Talk
Subject: RE: SSL
No, we have over 300 domains/sites but when they want to do a transaction -
they go to secure..
-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: 08 August 2006 16:15
To: CF-Talk
Subject: RE: SSL Certificates
I guess that's the difference in our scenarios
So using CNAME's would take the place of relying on host headers?
In DNS, CNAME records allow you to map multiple hostnames to a single IP
address. More specifically, you create an A record mapping a hostname to an
IP address, then you create CNAME records mapping hostnames to the hostname
you
hosting via host headers?
Rick
-Original Message-
From: Mark A Kruger [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 11:50 AM
To: CF-Talk
Subject: RE: SSL Certificates
I'm late to this party but I write up on this that may help explain it... I
know this has already
-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 11:40 AM
To: CF-Talk
Subject: RE: SSL Certificates
No, we have over 300 domains/sites but when they want to do a transaction -
they go to secure..
-Original Message-
From: Rick
Can a virtual server be setup to handle a single SSL domain
while another virtual server handles web hosting via host
headers?
Yes, as long as they have different IP addresses and different corresponding
hostnames. For example, you couldn't have http://www.whatever.com/ and
with the traffic once is received the request?
Rick
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 1:16 PM
To: CF-Talk
Subject: RE: SSL Certificates
Can a virtual server be setup to handle a single SSL
domain while
another virtual server handles web
When you use host headers the Webserver is aware that IP has Host based
sites and looks in the Headers to determine which site to send the request
to. If it is an IP based site it wouldn't matter when the DNS resolves for
the domain it would only request on that IP address.
As for DNS you should
Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 08 August 2006 06:37
To: CF-Talk
Subject: RE: SSL Certificates
Thanks for the tip, Eric.
MS gives some fairly straightforward instructions about how to set up SSL on
IIS 5 using Certificate Server 2.0. Would this produce
I just purchased my first Security Certificate and need to
know how to apply it to my server / sites.
I host multiple sites. Would the certificate apply to my
server and therefore to all the sites on my server or would
each site have to have its own certificate?
Certificates apply to
: Monday, August 07, 2006 9:31 PM
To: CF-Talk
Subject: RE: SSL Certificates
I just purchased my first Security Certificate and need to know how to
apply it to my server / sites.
I host multiple sites. Would the certificate apply to my server and
therefore to all the sites on my server
Let me suggest that you get a wildcard certificate, in case you are
hosting multiple web sites for the same domain.
www.domain.com
Mail.domain.com
Intranet.domain.com
Etc.domain.com
-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 6:46 PM
to Win 2003 Server
and IIS 6 to host multiple websites using host headers along with SSL
certificates?
Rick
-Original Message-
From: Dawson, Michael [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 10:10 PM
To: CF-Talk
Subject: RE: SSL Certificates
Let me suggest that you get
On 8/7/06, Rick Faircloth [EMAIL PROTECTED] wrote:
Thanks, Dave...some reading I was doing after posting finally confirmed
that I would have to have 1 certificate for each domain, or either purchase
a multiple domain (up to 4 domains) certificate for about $500!
Rick
I would do some
Rats! After I installed my certificate and couldn't access
the secured site, I started digging around and found out that
IIS 5 and Win 2000 Server can't use Hosting Headers and SSL!
I host multiple websites and I use Host Headers to do so.
Am I understanding correctly that I'll have to
PM
To: CF-Talk
Subject: RE: SSL Certificates
Let me suggest that you get a wildcard certificate, in case you are hosting
multiple web sites for the same domain.
www.domain.com
Mail.domain.com
Intranet.domain.com
Etc.domain.com
PROTECTED]
Sent: Monday, August 07, 2006 10:35 PM
To: CF-Talk
Subject: Re: SSL Certificates
On 8/7/06, Rick Faircloth [EMAIL PROTECTED] wrote:
Thanks, Dave...some reading I was doing after posting finally
confirmed that I would have to have 1 certificate for each domain, or
either purchase
PM
To: CF-Talk
Subject: RE: SSL Certificates
Rats! After I installed my certificate and couldn't access the
secured site, I started digging around and found out that IIS 5 and
Win 2000 Server can't use Hosting Headers and SSL!
I host multiple websites and I use Host Headers to do so
I can upgrade to Windows Server 2003 R2, Web Edition with
IIS 6, which does support SSL and Host Headers for only $400!
Again, I don't think this is the case, because of the way that SSL and host
headers work. You can use one, or the other, but not both.
Dave Watts, CTO, Fig Leaf Software
Public perception is not a problem...I'm hosting a non-public
office application for an insurance agent, which will have no
pages for the public to view.
In that case, you don't need to buy anything at all. Just use a self-signed
certificate as Jim suggested.
A self-signed certificate
If I'm reading the text below from MS's website correctly,
then IIS can support multiple websites with host headers, but
only with a wildcard certificate...
I see. That would only work if your sites were within the same domain,
however.
Dave Watts, CTO, Fig Leaf Software
: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 11:05 PM
To: CF-Talk
Subject: RE: SSL Certificates
Public perception is not a problem...I'm hosting a non-public office
application for an insurance agent, which will have no pages for the
public to view.
In that case, you
: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 6:36 PM
To: CF-Talk
Subject: RE: SSL Certificates
Thanks, Dave...some reading I was doing after posting finally confirmed that
I would have to have 1 certificate for each domain, or either purchase a
multiple domain (up to 4
Are you certain about that, Dave? I didn't see anything in
the text that would indicate all the sites had to be part of
the same domain...I know wildcard certs seem to work that way
now, but perhaps it's different in Win 2003 Server and IIS 6?
Certs are certs - there's nothing OS-specific
I've been looking around on Google for some info on making a
self-signed cert, but haven't found anything that makes sense.
Is there some software or something built into IIS 5 that
allows me to make self-signed certs? MakeCert.exe?
There's nothing built into IIS to do this, but there
: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 6:36 PM
To: CF-Talk
Subject: RE: SSL Certificates
Thanks, Dave...some reading I was doing after posting finally confirmed that
I would have to have 1 certificate for each domain, or either purchase a
multiple domain (up to 4
Subject: RE: SSL Certificates
I've been looking around on Google for some info on making a self-signed
cert, but haven't found anything that makes sense.
Is there some software or something built into IIS 5 that allows me to make
self-signed certs? MakeCert.exe?
Rick
-Original Message
FYI right now I'm looking at either Verisign's Managed PKI program with
their base certs or Thawte's SPKI program, again with the base certs.
Has anyone used any of these, any comments on which is better? As
mentioned we've got five-or-six hostnames to secure and I'm looking to
do it affordably
I dropped Verisign years ago and have had zero browser problems as a
result. Thawte is just Verisign's cheaper (not much) subsidiary.
Look at Comodo (instantssl.com). $50 per cert and essentially
ubiquitous.
What matters is that browser ubiquity. Check each mfr's table on
that. The only
I need to pick up an SSL certificate, any recommendations or
pitfalls I should think about?
I've always had good service from Thawte, and they're still cheaper than
Verisign, despite being owned by Verisign. Be very careful to save all of
the key generation information that you create,
I have heard a lot of good things about equifax and their secure certificate.
http://www.equifax.com/DigitalCertificates
Good Luck
Paul Giesenhagen
QuillDesign
http://www.quilldesign.com
SiteDirector v2.0 - Commerce Builder
- Original Message -
From: Eric Dawson [EMAIL PROTECTED]
To:
: SSL Certificates - provider recommendations?
I have heard a lot of good things about equifax and their secure certificate.
http://www.equifax.com/DigitalCertificates
Good Luck
Paul Giesenhagen
QuillDesign
http://www.quilldesign.com
SiteDirector v2.0 - Commerce Builder
- Original Message
Thawte.com certificates are much cheaper than verisign ones... and they have
a partners/resellers program set up so that your second SSL cert will be
cheaper.
The nice Aussie sounding fellow who hooked me up:
[EMAIL PROTECTED]
I need to pick up an SSL certificate, any recommendations or
Be very careful to save all of
the key generation information that you create, including the actual key
request. If you're installing the key on IIS, create a key backup file,
and
store that offsite.
I second that!!! Nothing worse than having to pay for a new certificate
because the
Get the cheapest one. Paying for an SSL cert just proves to people you are
who you say you are. For development purposes, intranet, or known
counterparty apps you can make your own SSL cert for free.
http://www.openssl.org
On Tue, 26 Mar 2002, Eric Dawson wrote:
I need to pick up an SSL
I have had good results with Thawte as well. We use their PKI system
(along with Verisign).
That Aussie sounding fellow is, almost without doubt, South African g.
At 08:37 AM 3/26/2002 -0800, you wrote:
Thawte.com certificates are much cheaper than verisign ones... and they have
a
I just signed up with Geotrust as a reseller, and am awaiting my acct
setup. You get a good pop despite the low certificate price, and a
certificate can be installed in literally a few minutes. You'll often
spend more time in IIS generating the request than you will waiting for
GeoTrust to
68 matches