Mutiple SSL Sites [one] IP

Multiple SSL Sites [one] IP



I am looking into a method of hosting multiple SSL Enabled CMS Type Sites
(I.E. Mambo Server for example or even PHPBB, for all whom may wonder). The
issue is this; I am under [one] public IP Address. Although IIS will allow
me to host as many sites as my server can handle under one address utilizing
'host name headers'. SSL does not work in such a way. My "true" question is
how do I go about hosting multiple SSL sites under [one] IP Address.



I have been thinking and have not got around to testing, but what if, and
that a big [if]. If I would NAT my Public IP Address to a subnet and
somehow point the traffic to an internal server hosting sites and give that
server multiple addresses. Then again, what ever device that at the edge of
the network would have to know where to direct each sites request.



I am a bit lost, can someone assist me here.



Thanks.

Re: Mutiple SSL Sites [one] IP

Would this solution work for you?

Create two websites using the same IP address with different host headers
eg
website 1:
host header site1.domain.com
port: 80
ip address: 192.168.1.10

website 2:
host header: site2.domain.com
port: 80
ip address: 192.168.1.10

Then create an SSL site that services both web sites?

website 3:
no host header
port: 443
ip address: 192.168.1.10
configure your certificate here and a virtual directory for each
site you are servicing secure communications for
eg
secure.domain.com/site1
secure.domain.com/site2

then when you need a secure connection you could transfer to something like
secure.domain.com

without ssl set up on the first two sites, all ssl requests would go to the
3rd website for secure communications

this is a poor man's way of servicing multiple secure websites, as the
proper way would be to have an external ip address for each website, but I
believe it should work, it will cost more in the long run in development and
maintainence time however.

-R


"Mr. Backup" wrote in message
news:Om9ngbxMGHA.2604@TK2MSFTNGP09.phx.gbl...
> Multiple SSL Sites [one] IP
>
>
>
> I am looking into a method of hosting multiple SSL Enabled CMS Type Sites
> (I.E. Mambo Server for example or even PHPBB, for all whom may wonder).
> The issue is this; I am under [one] public IP Address. Although IIS will
> allow me to host as many sites as my server can handle under one address
> utilizing 'host name headers'. SSL does not work in such a way. My "true"
> question is how do I go about hosting multiple SSL sites under [one] IP
> Address.
>
>
>
> I have been thinking and have not got around to testing, but what if, and
> that a big [if]. If I would NAT my Public IP Address to a subnet and
> somehow point the traffic to an internal server hosting sites and give
> that server multiple addresses. Then again, what ever device that at the
> edge of the network would have to know where to direct each sites request.
>
>
>
> I am a bit lost, can someone assist me here.
>
>
>
> Thanks.
>
>

Re: Mutiple SSL Sites [one] IP

Would this solution work for you?

Create two websites using the same IP address with different host headers
eg
website 1:
host header site1.domain.com
port: 80
ip address: 192.168.1.10

website 2:
host header: site2.domain.com
port: 80
ip address: 192.168.1.10

Then create an SSL site that services both web sites?

website 3:
no host header
port: 443
ip address: 192.168.1.10
configure your certificate here and a virtual directory for each
site you are servicing secure communications for
eg
secure.domain.com/site1
secure.domain.com/site2

then when you need a secure connection you could transfer to something like
secure.domain.com

without ssl set up on the first two sites, all ssl requests would go to the
3rd website for secure communications

this is a poor man's way of servicing multiple secure websites, as the
proper way would be to have an external ip address for each website, but I
believe it should work, it will cost more in the long run in development and
maintainence time however.

-R


"Mr. Backup" wrote in message
news:Om9ngbxMGHA.2604@TK2MSFTNGP09.phx.gbl...
> Multiple SSL Sites [one] IP
>
>
>
> I am looking into a method of hosting multiple SSL Enabled CMS Type Sites
> (I.E. Mambo Server for example or even PHPBB, for all whom may wonder).
> The issue is this; I am under [one] public IP Address. Although IIS will
> allow me to host as many sites as my server can handle under one address
> utilizing 'host name headers'. SSL does not work in such a way. My "true"
> question is how do I go about hosting multiple SSL sites under [one] IP
> Address.
>
>
>
> I have been thinking and have not got around to testing, but what if, and
> that a big [if]. If I would NAT my Public IP Address to a subnet and
> somehow point the traffic to an internal server hosting sites and give
> that server multiple addresses. Then again, what ever device that at the
> edge of the network would have to know where to direct each sites request.
>
>
>
> I am a bit lost, can someone assist me here.
>
>
>
> Thanks.
>
>

Re: Mutiple SSL Sites [one] IP

That's good and all, but that would make the cert invalid. Seeing how you
need the cert to be issued to your FQDN www.domainA.com and your using a
cert that issued to www.iserve2domains.com it will look like an invalid
cert, more so configured incorrectly. Will there be an SSL Tunnel (Secure
Web Session) Yes!



So this poor man I still "SOL" so far.







"cd~" wrote in message
news:%23ah5FazMGHA.2336@TK2MSFTNGP12.phx.gbl...
> Would this solution work for you?
>
> Create two websites using the same IP address with different host headers
> eg
> website 1:
> host header site1.domain.com
> port: 80
> ip address: 192.168.1.10
>
> website 2:
> host header: site2.domain.com
> port: 80
> ip address: 192.168.1.10
>
> Then create an SSL site that services both web sites?
>
> website 3:
> no host header
> port: 443
> ip address: 192.168.1.10
> configure your certificate here and a virtual directory for each
> site you are servicing secure communications for
> eg
> secure.domain.com/site1
> secure.domain.com/site2
>
> then when you need a secure connection you could transfer to something
> like secure.domain.com
>
> without ssl set up on the first two sites, all ssl requests would go to
> the 3rd website for secure communications
>
> this is a poor man's way of servicing multiple secure websites, as the
> proper way would be to have an external ip address for each website, but I
> believe it should work, it will cost more in the long run in development
> and maintainence time however.
>
> -R
>
>
> "Mr. Backup" wrote in message
> news:Om9ngbxMGHA.2604@TK2MSFTNGP09.phx.gbl...
>> Multiple SSL Sites [one] IP
>>
>>
>>
>> I am looking into a method of hosting multiple SSL Enabled CMS Type Sites
>> (I.E. Mambo Server for example or even PHPBB, for all whom may wonder).
>> The issue is this; I am under [one] public IP Address. Although IIS will
>> allow me to host as many sites as my server can handle under one address
>> utilizing 'host name headers'. SSL does not work in such a way. My
>> "true" question is how do I go about hosting multiple SSL sites under
>> [one] IP Address.
>>
>>
>>
>> I have been thinking and have not got around to testing, but what if, and
>> that a big [if]. If I would NAT my Public IP Address to a subnet and
>> somehow point the traffic to an internal server hosting sites and give
>> that server multiple addresses. Then again, what ever device that at the
>> edge of the network would have to know where to direct each sites
>> request.
>>
>>
>>
>> I am a bit lost, can someone assist me here.
>>
>>
>>
>> Thanks.
>>
>>
>
>

Re: Mutiple SSL Sites [one] IP

That's good and all, but that would make the cert invalid. Seeing how you
need the cert to be issued to your FQDN www.domainA.com and your using a
cert that issued to www.iserve2domains.com it will look like an invalid
cert, more so configured incorrectly. Will there be an SSL Tunnel (Secure
Web Session) Yes!



So this poor man I still "SOL" so far.







"cd~" wrote in message
news:%23ah5FazMGHA.2336@TK2MSFTNGP12.phx.gbl...
> Would this solution work for you?
>
> Create two websites using the same IP address with different host headers
> eg
> website 1:
> host header site1.domain.com
> port: 80
> ip address: 192.168.1.10
>
> website 2:
> host header: site2.domain.com
> port: 80
> ip address: 192.168.1.10
>
> Then create an SSL site that services both web sites?
>
> website 3:
> no host header
> port: 443
> ip address: 192.168.1.10
> configure your certificate here and a virtual directory for each
> site you are servicing secure communications for
> eg
> secure.domain.com/site1
> secure.domain.com/site2
>
> then when you need a secure connection you could transfer to something
> like secure.domain.com
>
> without ssl set up on the first two sites, all ssl requests would go to
> the 3rd website for secure communications
>
> this is a poor man's way of servicing multiple secure websites, as the
> proper way would be to have an external ip address for each website, but I
> believe it should work, it will cost more in the long run in development
> and maintainence time however.
>
> -R
>
>
> "Mr. Backup" wrote in message
> news:Om9ngbxMGHA.2604@TK2MSFTNGP09.phx.gbl...
>> Multiple SSL Sites [one] IP
>>
>>
>>
>> I am looking into a method of hosting multiple SSL Enabled CMS Type Sites
>> (I.E. Mambo Server for example or even PHPBB, for all whom may wonder).
>> The issue is this; I am under [one] public IP Address. Although IIS will
>> allow me to host as many sites as my server can handle under one address
>> utilizing 'host name headers'. SSL does not work in such a way. My
>> "true" question is how do I go about hosting multiple SSL sites under
>> [one] IP Address.
>>
>>
>>
>> I have been thinking and have not got around to testing, but what if, and
>> that a big [if]. If I would NAT my Public IP Address to a subnet and
>> somehow point the traffic to an internal server hosting sites and give
>> that server multiple addresses. Then again, what ever device that at the
>> edge of the network would have to know where to direct each sites
>> request.
>>
>>
>>
>> I am a bit lost, can someone assist me here.
>>
>>
>>
>> Thanks.
>>
>>
>
>

Re: Mutiple SSL Sites [one] IP

Not possible. SSL encryption includes the host header that IIS would use to
interpret two hostnames on the same IP address.

Therefore, IIS does not know what site to use if the IP is not unique and
there is encryption.

ALL solutions and work arounds are going to be clunky and unsatisfactory
unless your users are a small group and prepared for wierdness from a
browser. You are sunk if you try to foist work arounds off on the general
public. (And with good reason, they are paranoid...)

Get more IPs or don't run more than one secured site.

"Mr. Backup" wrote in message
news:Om9ngbxMGHA.2604@TK2MSFTNGP09.phx.gbl...
> Multiple SSL Sites [one] IP
>
>
>
> I am looking into a method of hosting multiple SSL Enabled CMS Type Sites
> (I.E. Mambo Server for example or even PHPBB, for all whom may wonder).
> The issue is this; I am under [one] public IP Address. Although IIS will
> allow me to host as many sites as my server can handle under one address
> utilizing 'host name headers'. SSL does not work in such a way. My "true"
> question is how do I go about hosting multiple SSL sites under [one] IP
> Address.
>
>
>
> I have been thinking and have not got around to testing, but what if, and
> that a big [if]. If I would NAT my Public IP Address to a subnet and
> somehow point the traffic to an internal server hosting sites and give
> that server multiple addresses. Then again, what ever device that at the
> edge of the network would have to know where to direct each sites request.
>
>
>
> I am a bit lost, can someone assist me here.
>
>
>
> Thanks.
>
>

Re: Mutiple SSL Sites [one] IP

Not possible. SSL encryption includes the host header that IIS would use to
interpret two hostnames on the same IP address.

Therefore, IIS does not know what site to use if the IP is not unique and
there is encryption.

ALL solutions and work arounds are going to be clunky and unsatisfactory
unless your users are a small group and prepared for wierdness from a
browser. You are sunk if you try to foist work arounds off on the general
public. (And with good reason, they are paranoid...)

Get more IPs or don't run more than one secured site.

"Mr. Backup" wrote in message
news:Om9ngbxMGHA.2604@TK2MSFTNGP09.phx.gbl...
> Multiple SSL Sites [one] IP
>
>
>
> I am looking into a method of hosting multiple SSL Enabled CMS Type Sites
> (I.E. Mambo Server for example or even PHPBB, for all whom may wonder).
> The issue is this; I am under [one] public IP Address. Although IIS will
> allow me to host as many sites as my server can handle under one address
> utilizing 'host name headers'. SSL does not work in such a way. My "true"
> question is how do I go about hosting multiple SSL sites under [one] IP
> Address.
>
>
>
> I have been thinking and have not got around to testing, but what if, and
> that a big [if]. If I would NAT my Public IP Address to a subnet and
> somehow point the traffic to an internal server hosting sites and give
> that server multiple addresses. Then again, what ever device that at the
> edge of the network would have to know where to direct each sites request.
>
>
>
> I am a bit lost, can someone assist me here.
>
>
>
> Thanks.
>
>

Re: Mutiple SSL Sites [one] IP

Thank you...
I know all of this info.. I just needed to confirm.
As I had someone here trying to tell me it would work, and they do not want
to pay for another IP address.
Why is it that the suits fear spending money, and act as if the money us
Technical people need them to spend is going into our pocket.

A side note. I know with a domain CA or even a local CA on your server you
can make your own carts.
But remote users will get a warning and have to install your cert so that
warning goes away. Honestly I would not install someone's cert if I was at
their site. So what's the best way to get a signed cert for cheep.




"Ratatooie" wrote in message
news:43f5ebdb$1_1@newspeer2.tds.net...
> Not possible. SSL encryption includes the host header that IIS would use
> to interpret two hostnames on the same IP address.
>
> Therefore, IIS does not know what site to use if the IP is not unique and
> there is encryption.
>
> ALL solutions and work arounds are going to be clunky and unsatisfactory
> unless your users are a small group and prepared for wierdness from a
> browser. You are sunk if you try to foist work arounds off on the general
> public. (And with good reason, they are paranoid...)
>
> Get more IPs or don't run more than one secured site.
>
> "Mr. Backup" wrote in message
> news:Om9ngbxMGHA.2604@TK2MSFTNGP09.phx.gbl...
>> Multiple SSL Sites [one] IP
>>
>>
>>
>> I am looking into a method of hosting multiple SSL Enabled CMS Type Sites
>> (I.E. Mambo Server for example or even PHPBB, for all whom may wonder).
>> The issue is this; I am under [one] public IP Address. Although IIS will
>> allow me to host as many sites as my server can handle under one address
>> utilizing 'host name headers'. SSL does not work in such a way. My
>> "true" question is how do I go about hosting multiple SSL sites under
>> [one] IP Address.
>>
>>
>>
>> I have been thinking and have not got around to testing, but what if, and
>> that a big [if]. If I would NAT my Public IP Address to a subnet and
>> somehow point the traffic to an internal server hosting sites and give
>> that server multiple addresses. Then again, what ever device that at the
>> edge of the network would have to know where to direct each sites
>> request.
>>
>>
>>
>> I am a bit lost, can someone assist me here.
>>
>>
>>
>> Thanks.
>>
>>
>
>

Re: Mutiple SSL Sites [one] IP

Thank you...
I know all of this info.. I just needed to confirm.
As I had someone here trying to tell me it would work, and they do not want
to pay for another IP address.
Why is it that the suits fear spending money, and act as if the money us
Technical people need them to spend is going into our pocket.

A side note. I know with a domain CA or even a local CA on your server you
can make your own carts.
But remote users will get a warning and have to install your cert so that
warning goes away. Honestly I would not install someone's cert if I was at
their site. So what's the best way to get a signed cert for cheep.




"Ratatooie" wrote in message
news:43f5ebdb$1_1@newspeer2.tds.net...
> Not possible. SSL encryption includes the host header that IIS would use
> to interpret two hostnames on the same IP address.
>
> Therefore, IIS does not know what site to use if the IP is not unique and
> there is encryption.
>
> ALL solutions and work arounds are going to be clunky and unsatisfactory
> unless your users are a small group and prepared for wierdness from a
> browser. You are sunk if you try to foist work arounds off on the general
> public. (And with good reason, they are paranoid...)
>
> Get more IPs or don't run more than one secured site.
>
> "Mr. Backup" wrote in message
> news:Om9ngbxMGHA.2604@TK2MSFTNGP09.phx.gbl...
>> Multiple SSL Sites [one] IP
>>
>>
>>
>> I am looking into a method of hosting multiple SSL Enabled CMS Type Sites
>> (I.E. Mambo Server for example or even PHPBB, for all whom may wonder).
>> The issue is this; I am under [one] public IP Address. Although IIS will
>> allow me to host as many sites as my server can handle under one address
>> utilizing 'host name headers'. SSL does not work in such a way. My
>> "true" question is how do I go about hosting multiple SSL sites under
>> [one] IP Address.
>>
>>
>>
>> I have been thinking and have not got around to testing, but what if, and
>> that a big [if]. If I would NAT my Public IP Address to a subnet and
>> somehow point the traffic to an internal server hosting sites and give
>> that server multiple addresses. Then again, what ever device that at the
>> edge of the network would have to know where to direct each sites
>> request.
>>
>>
>>
>> I am a bit lost, can someone assist me here.
>>
>>
>>
>> Thanks.
>>
>>
>
>

Re: Mutiple SSL Sites [one] IP

On Fri, 17 Feb 2006 11:13:16 -0500, "Mr. Backup"
wrote:

>Thank you...
>I know all of this info.. I just needed to confirm.
>As I had someone here trying to tell me it would work, and they do not want
>to pay for another IP address.
>Why is it that the suits fear spending money, and act as if the money us
>Technical people need them to spend is going into our pocket.
>
>A side note. I know with a domain CA or even a local CA on your server you
>can make your own carts.
>But remote users will get a warning and have to install your cert so that
>warning goes away. Honestly I would not install someone's cert if I was at
>their site. So what's the best way to get a signed cert for cheep.

Use a hosting service that provides the cert.

Jeff

Re: Mutiple SSL Sites [one] IP

On Fri, 17 Feb 2006 11:13:16 -0500, "Mr. Backup"
wrote:

>Thank you...
>I know all of this info.. I just needed to confirm.
>As I had someone here trying to tell me it would work, and they do not want
>to pay for another IP address.
>Why is it that the suits fear spending money, and act as if the money us
>Technical people need them to spend is going into our pocket.
>
>A side note. I know with a domain CA or even a local CA on your server you
>can make your own carts.
>But remote users will get a warning and have to install your cert so that
>warning goes away. Honestly I would not install someone's cert if I was at
>their site. So what's the best way to get a signed cert for cheep.

Use a hosting service that provides the cert.

Jeff

Re: Mutiple SSL Sites [one] IP

"Mr. Backup" wrote in message
news:OP3W1x9MGHA.1192@TK2MSFTNGP11.phx.gbl...
> Thank you...
> I know all of this info.. I just needed to confirm.
> As I had someone here trying to tell me it would work, and they do not
> want to pay for another IP address.
> Why is it that the suits fear spending money, and act as if the money us
> Technical people need them to spend is going into our pocket.

Feel for ya man.

>
> A side note. I know with a domain CA or even a local CA on your server
> you can make your own carts.
> But remote users will get a warning and have to install your cert so that
> warning goes away. Honestly I would not install someone's cert if I was at
> their site. So what's the best way to get a signed cert for cheep.
>
>
>

Network Solutions just started offering them for $199 (for 2 years I think).

There's a place called Thawte in South Africa but they just got purchased by
Verisign. (Which also has close ties to Network Solutions.)

If it's an end-user application, you pretty much have to get one from
Network Solutions. If it's your own folks that can be taught to install a
cert, you can issue your own certificate with the proper software. (MS has
some self-certificate stuff, I assume there is open source solutions too.)

Re: Mutiple SSL Sites [one] IP

"Mr. Backup" wrote in message
news:OP3W1x9MGHA.1192@TK2MSFTNGP11.phx.gbl...
> Thank you...
> I know all of this info.. I just needed to confirm.
> As I had someone here trying to tell me it would work, and they do not
> want to pay for another IP address.
> Why is it that the suits fear spending money, and act as if the money us
> Technical people need them to spend is going into our pocket.

Feel for ya man.

>
> A side note. I know with a domain CA or even a local CA on your server
> you can make your own carts.
> But remote users will get a warning and have to install your cert so that
> warning goes away. Honestly I would not install someone's cert if I was at
> their site. So what's the best way to get a signed cert for cheep.
>
>
>

Network Solutions just started offering them for $199 (for 2 years I think).

There's a place called Thawte in South Africa but they just got purchased by
Verisign. (Which also has close ties to Network Solutions.)

If it's an end-user application, you pretty much have to get one from
Network Solutions. If it's your own folks that can be taught to install a
cert, you can issue your own certificate with the proper software. (MS has
some self-certificate stuff, I assume there is open source solutions too.)