Host Headers & SSL on same box ?

SSL and host headers can be used at the same time on the same server, but
not the same site. For instance:

SiteA - SSL
SiteB - Host headers

....will work fine. You just can't have SSL and host headers on SiteA.

"Chris" <anonymous DeleteThis @discussions.microsoft.com> wrote in message
news:23BA5499-94A9-4EAD-9C92-5A69AF8318EC@microsoft.com...
 > Am trying to use one box to host multiple sites on the same box using 3rd
level domains (acme1.mystore.com, acme2.mystore.com, acme3....).
 >
 > Can u use host headers AND use SSL on the same box? Is the following
(from MSFT kb) saying you cant? Is this applicable to IIS6?
 >
 > =========
 >
 > To use host headers on multiple Web sites that offer secure Internet
services, you must host the HTTPS services on a separate server, identify
the HTTPS site with an IP address, and redirect requests for secure services
to that server. This is required because HTTPS encrypts host header names
through Secure Sockets Layer (SSL) so that host header information cannot be
interpreted by a Web site that hosts SSL services on the same server.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Host Headers & SSL on same box ? 

thanks for the info. hope u have a minute to comment on something. i'm sure i'm gunna butcher the terminology here but what i'm trying to do is move my site from Verio to a site that i will host. Once i get a static IP from a provider, i take it that i would then update the Verio DNS entries for my site to point to the new IP address. What about primary & secondary server info? is secondary reqd? (missing the obvious?)

I see the setup may look something like:

<a style='text-decoration: underline;' href="http://www.mysite.com" target="_blank">www.mysite.com</a> (main site... c:\inetpub\wwroot\)
<a style='text-decoration: underline;' href="http://www.mysite.com/secure" target="_blank">www.mysite.com/secure</a> (c:\inetpub\wwroot\secure apply cert for this folder?)

host headers
========
acme1.mysite.com (c:\inetput\wwroot\acme1\...)
acme2.mysite.com (c:\inetput\wwroot\acme2\...)
acme3.mysite.com (c:\inetput\wwroot\acme3\...)

does it matter is these acme stores point to directories UNDER the inetpub\wwroot folder or should they be located elsewhere for security reasons?

to use SSL, does it make sense to "apply" the cert to the <a style='text-decoration: underline;' href="http://www.mysite.com/secure" target="_blank">www.mysite.com/secure</a> folder (routing purchases thru these pages)?

should i being using W3KServer to do this?



----- Keith W. McCammon wrote: -----

SSL and host headers can be used at the same time on the same server, but
not the same site. For instance:

SiteA - SSL
SiteB - Host headers

....will work fine. You just can't have SSL and host headers on SiteA.

"Chris" <anonymous RemoveThis @discussions.microsoft.com> wrote in message
news:23BA5499-94A9-4EAD-9C92-5A69AF8318EC@microsoft.com...
  > Am trying to use one box to host multiple sites on the same box using 3rd
level domains (acme1.mystore.com, acme2.mystore.com, acme3....).
   >> Can u use host headers AND use SSL on the same box? Is the following
(from MSFT kb) saying you cant? Is this applicable to IIS6?
   >> =========
   >> To use host headers on multiple Web sites that offer secure Internet
services, you must host the HTTPS services on a separate server, identify
the HTTPS site with an IP address, and redirect requests for secure services
to that server. This is required because HTTPS encrypts host header names
through Secure Sockets Layer (SSL) so that host header information cannot be
interpreted by a Web site that hosts SSL services on the same server.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Host Headers & SSL on same box ? 

To begin with, it seems that you haven't done much homework related to this
move, or to management of a web server at all. I highly recommend that you
take some time and figure this out on your own.

 > thanks for the info. hope u have a minute to comment on something. i'm
sure i'm gunna butcher the terminology here but what i'm trying to do is
move my site from Verio to a site that i will host. Once i get a static IP
from a provider, i take it that i would then update the Verio DNS entries
for my site to point to the new IP address. What about primary & secondary
server info? is secondary reqd? (missing the obvious?)

For starters, you're getting into a number of issues here, not all of which
are relevant. But...

If you're leaving Verio, I would guess that they're no longer hosting your
name servers. Or, have you made arrangments otherwise?

If they are going to continue to provide you DNS, then you need to update
those zone files with the address(es) of the new system.

If they are not going to continue to provide you DNS, then you need to 1)
visit your registrar and update the name servers associated with your domain
name, and 2) configure the new name server(s) properly.

The primary and secondary issue is related to the name servers assocated
with your domain name. You should never have less than two.

 > I see the setup may look something like:
 >
 > <a style='text-decoration: underline;' href="http://www.mysite.com" target="_blank">www.mysite.com</a> (main site... c:\inetpub\wwroot\)
 > <a style='text-decoration: underline;' href="http://www.mysite.com/secure" target="_blank">www.mysite.com/secure</a> (c:\inetpub\wwroot\secure apply cert for this
folder?)

You apply certificates based on common name, where the common name is the
FQDN used to access the site. If you wish to secure <a style='text-decoration: underline;' href="http://www.mysite.com," target="_blank">www.mysite.com,</a> or any
folder (/folder) within that site, then you would apply the <a style='text-decoration: underline;' href="http://www.mysite.com" target="_blank">www.mysite.com</a>
certificate to that web site as a whole. You don't apply certificates to
directories.

Once you apply the certificate, you can require security for certain parts
of the site if you so choose.

 > host headers
 > ========
 > acme1.mysite.com (c:\inetput\wwroot\acme1\...)
 > acme2.mysite.com (c:\inetput\wwroot\acme2\...)
 > acme3.mysite.com (c:\inetput\wwroot\acme3\...)
 >
 > does it matter is these acme stores point to directories UNDER the
inetpub\wwroot folder or should they be located elsewhere for security
reasons?

You have an issue here. Unless you have more than one IP address, you
cannot do this, because <a style='text-decoration: underline;' href="http://www.mysite.com" target="_blank">www.mysite.com</a> requires SSL, which requires that the
site not use host headers. Just a warning.

Regarding the directories, that's up to you. Just note that they will be
accessible via acme1.mysite.com, as well as <a style='text-decoration: underline;' href="http://www.mysite.com/acme1." target="_blank">www.mysite.com/acme1.</a>

 > to use SSL, does it make sense to "apply" the cert to the
<a style='text-decoration: underline;' href="http://www.mysite.com/secure" target="_blank">www.mysite.com/secure</a> folder (routing purchases thru these pages)?

Again, you don't apply certs like this. Do some reading. There are plenty
of documents that explain IIS and SSL in great detail.

 > should i being using W3KServer to do this?

I have no way of knowing.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Host Headers & SSL on same box ?