Do I really need a wild card certificate ?

I am trying to set up a virtual directory that uses SSL (at the moment it
just contains index.htm). Once all the various settings are set I can
navigate to this page from within my network (but external sites produce a
page not found error) If I switch off ‘Require SSL’ I can navigate to the
index page no problem (internal and external). I have tried various fixs to
this probelm, but I think the issue could be to do with host headers ?

We use host headers because we have a few sites hosted on our webserver. My
question is do I really need a wildcard cert? I ask because (other than it
being a pain/cost to sort out) we host OWA on this sever as well and it uses
SSL and does not seam to have a wild card cert ?!?!

Re: Do I really need a wild card certificate ?

Well, depending on your needs and number of sites you plan to SSL'ed.
Wildcard cert is typicall more expensive then normal SSL cert, also wildcard
cert work at top domain level. e.g. all your sites must have the same
*.domain.com, else you need more than 1 cert.

With w2k3 SP1, you can sort of have host header work with SSL cert, but take
note again the catch here is that all sites must be in same top domain
*.domain.com

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Mike_IntermediateVB" wrote
in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com...
>I am trying to set up a virtual directory that uses SSL (at the moment it
> just contains index.htm). Once all the various settings are set I can
> navigate to this page from within my network (but external sites produce a
> page not found error) If I switch off ‘Require SSL’ I can navigate to
> the
> index page no problem (internal and external). I have tried various fixs
> to
> this probelm, but I think the issue could be to do with host headers ?
>
> We use host headers because we have a few sites hosted on our webserver.
> My
> question is do I really need a wildcard cert? I ask because (other than it
> being a pain/cost to sort out) we host OWA on this sever as well and it
> uses
> SSL and does not seam to have a wild card cert ?!?!

Re: Do I really need a wild card certificate ?

At this stage I just want one virtual directory SSL 'ed. This directory sits
under our main site. There are 3 other sites using host headers as well and
no SSL (they are from different domains).

The main site has the exchange virtual directories under it (which are using
SSL already), However with the virtual directory I created I can't get SSL
working on external sites. Maybe I am on the wrong track with host headers
(as only the main site needs SSL ? and it is already working for exchange ?)

IIS is pretty frustrating, as a developer I just want a method of passing
secure data to and from remote clients. I am begining to think that I should
just encrypt all the traffic in code.....probably easier than messing with
the many IIS settings...

NOTE: As a developer I only have a light understanding of IIS, we are a
small org and cannot afford a specaist in this area. So it could be somthing
simple I just need a pointer in the right direction....

------------------------------------------------------------ ------------------------------------

"Bernard Cheah [MVP]" wrote:

> Well, depending on your needs and number of sites you plan to SSL'ed.
> Wildcard cert is typicall more expensive then normal SSL cert, also wildcard
> cert work at top domain level. e.g. all your sites must have the same
> *.domain.com, else you need more than 1 cert.
>
> With w2k3 SP1, you can sort of have host header work with SSL cert, but take
> note again the catch here is that all sites must be in same top domain
> *.domain.com
>
> --
> Regards,
> Bernard Cheah
> http://www.iis-resources.com/
> http://www.iiswebcastseries.com/
> http://msmvps.com/blogs/bernard/
>
>
> "Mike_IntermediateVB" wrote
> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com...
> >I am trying to set up a virtual directory that uses SSL (at the moment it
> > just contains index.htm). Once all the various settings are set I can
> > navigate to this page from within my network (but external sites produce a
> > page not found error) If I switch off ‘Require SSL’ I can navigate to
> > the
> > index page no problem (internal and external). I have tried various fixs
> > to
> > this probelm, but I think the issue could be to do with host headers ?
> >
> > We use host headers because we have a few sites hosted on our webserver.
> > My
> > question is do I really need a wildcard cert? I ask because (other than it
> > being a pain/cost to sort out) we host OWA on this sever as well and it
> > uses
> > SSL and does not seam to have a wild card cert ?!?!
>
>
>

Re: Do I really need a wild card certificate ?

For starter, SSL cert bind to website level, you can't install cert on
virtual directory/file level, however you can control SSL requirement all
the way from site to directories or even file level....

Now, I don't get you on -> I can't get SSL working on external sites.

External site is your main site? http:// working but not https:// what do
you get when you browse under https ?

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Mike_IntermediateVB" wrote
in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com...
> At this stage I just want one virtual directory SSL 'ed. This directory
> sits
> under our main site. There are 3 other sites using host headers as well
> and
> no SSL (they are from different domains).
>
> The main site has the exchange virtual directories under it (which are
> using
> SSL already), However with the virtual directory I created I can't get SSL
> working on external sites. Maybe I am on the wrong track with host headers
> (as only the main site needs SSL ? and it is already working for exchange
> ?)
>
> IIS is pretty frustrating, as a developer I just want a method of passing
> secure data to and from remote clients. I am begining to think that I
> should
> just encrypt all the traffic in code.....probably easier than messing with
> the many IIS settings...
>
> NOTE: As a developer I only have a light understanding of IIS, we are a
> small org and cannot afford a specaist in this area. So it could be
> somthing
> simple I just need a pointer in the right direction....
>
> ------------------------------------------------------------ ------------------------------------
>
> "Bernard Cheah [MVP]" wrote:
>
>> Well, depending on your needs and number of sites you plan to SSL'ed.
>> Wildcard cert is typicall more expensive then normal SSL cert, also
>> wildcard
>> cert work at top domain level. e.g. all your sites must have the same
>> *.domain.com, else you need more than 1 cert.
>>
>> With w2k3 SP1, you can sort of have host header work with SSL cert, but
>> take
>> note again the catch here is that all sites must be in same top domain
>> *.domain.com
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.iis-resources.com/
>> http://www.iiswebcastseries.com/
>> http://msmvps.com/blogs/bernard/
>>
>>
>> "Mike_IntermediateVB"
>> wrote
>> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com...
>> >I am trying to set up a virtual directory that uses SSL (at the moment
>> >it
>> > just contains index.htm). Once all the various settings are set I can
>> > navigate to this page from within my network (but external sites
>> > produce a
>> > page not found error) If I switch off ‘Require SSL’ I can navigate
>> > to
>> > the
>> > index page no problem (internal and external). I have tried various
>> > fixs
>> > to
>> > this probelm, but I think the issue could be to do with host headers ?
>> >
>> > We use host headers because we have a few sites hosted on our
>> > webserver.
>> > My
>> > question is do I really need a wildcard cert? I ask because (other than
>> > it
>> > being a pain/cost to sort out) we host OWA on this sever as well and it
>> > uses
>> > SSL and does not seam to have a wild card cert ?!?!
>>
>>
>>

Re: Do I really need a wild card certificate ?

"Bernard Cheah [MVP]" wrote in message
news:OZKvFdIVGHA.5332@TK2MSFTNGP10.phx.gbl...
> For starter, SSL cert bind to website level, you can't install cert on
> virtual directory/file level, however you can control SSL requirement all
> the way from site to directories or even file level....
>
> Now, I don't get you on -> I can't get SSL working on external sites.
>
> External site is your main site? http:// working but not https:// what do
> you get when you browse under https ?
>

That sounds an awful lot like the network address translation in to the
local network is wrong.

Or that the IP on the cert is not bound to the IP that the router/firewall
is translating in or something.

Maybe if you posted all of the details of the DNS resolution and the IPs for
the devices someone could point out the error.

Likewise, check the port translation and the IPs. You might be sending port
80 (http) to some place else entirely, and port 443 (https) is the one that
is actually translated correctly.

Re: Do I really need a wild card certificate ?

> Now, I don't get you on -> I can't get SSL working on external sites.

Answer:
When I browse to the SSL enabled virtual directory from within my work
network (ie from my development machine) by providing IE with the full URL to
the resource I want to open, IE displays the page correctly. This URL starts
off Https:// because SSL is enabled on the virtual directory. However when I
go home (out side of my work net wetwork) and try this Https:// url on my
home computer I get the posted error ('The resource cannot be found.'). If
uncheck the SSL property on the virtual directory, I can view the page no
problems form both locations.

Note:By main site, I mean the first site setup and the one that gets the
most traffic

"Bernard Cheah [MVP]" wrote:

> For starter, SSL cert bind to website level, you can't install cert on
> virtual directory/file level, however you can control SSL requirement all
> the way from site to directories or even file level....
>
> Now, I don't get you on -> I can't get SSL working on external sites.
>
> External site is your main site? http:// working but not https:// what do
> you get when you browse under https ?
>
> --
> Regards,
> Bernard Cheah
> http://www.iis-resources.com/
> http://www.iiswebcastseries.com/
> http://msmvps.com/blogs/bernard/
>
>
> "Mike_IntermediateVB" wrote
> in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com...
> > At this stage I just want one virtual directory SSL 'ed. This directory
> > sits
> > under our main site. There are 3 other sites using host headers as well
> > and
> > no SSL (they are from different domains).
> >
> > The main site has the exchange virtual directories under it (which are
> > using
> > SSL already), However with the virtual directory I created I can't get SSL
> > working on external sites. Maybe I am on the wrong track with host headers
> > (as only the main site needs SSL ? and it is already working for exchange
> > ?)
> >
> > IIS is pretty frustrating, as a developer I just want a method of passing
> > secure data to and from remote clients. I am begining to think that I
> > should
> > just encrypt all the traffic in code.....probably easier than messing with
> > the many IIS settings...
> >
> > NOTE: As a developer I only have a light understanding of IIS, we are a
> > small org and cannot afford a specaist in this area. So it could be
> > somthing
> > simple I just need a pointer in the right direction....
> >
> > ------------------------------------------------------------ ------------------------------------
> >
> > "Bernard Cheah [MVP]" wrote:
> >
> >> Well, depending on your needs and number of sites you plan to SSL'ed.
> >> Wildcard cert is typicall more expensive then normal SSL cert, also
> >> wildcard
> >> cert work at top domain level. e.g. all your sites must have the same
> >> *.domain.com, else you need more than 1 cert.
> >>
> >> With w2k3 SP1, you can sort of have host header work with SSL cert, but
> >> take
> >> note again the catch here is that all sites must be in same top domain
> >> *.domain.com
> >>
> >> --
> >> Regards,
> >> Bernard Cheah
> >> http://www.iis-resources.com/
> >> http://www.iiswebcastseries.com/
> >> http://msmvps.com/blogs/bernard/
> >>
> >>
> >> "Mike_IntermediateVB"
> >> wrote
> >> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com...
> >> >I am trying to set up a virtual directory that uses SSL (at the moment
> >> >it
> >> > just contains index.htm). Once all the various settings are set I can
> >> > navigate to this page from within my network (but external sites
> >> > produce a
> >> > page not found error) If I switch off ‘Require SSL’ I can navigate
> >> > to
> >> > the
> >> > index page no problem (internal and external). I have tried various
> >> > fixs
> >> > to
> >> > this probelm, but I think the issue could be to do with host headers ?
> >> >
> >> > We use host headers because we have a few sites hosted on our
> >> > webserver.
> >> > My
> >> > question is do I really need a wildcard cert? I ask because (other than
> >> > it
> >> > being a pain/cost to sort out) we host OWA on this sever as well and it
> >> > uses
> >> > SSL and does not seam to have a wild card cert ?!?!
> >>
> >>
> >>
>
>
>

Re: Do I really need a wild card certificate ?

In this case, this is more related to network question as internally the
https site is working fine.
check:
- if you can ping the server from remote side
- check if the firewall allow port 443 traffic (https) to your server

browsing the site http:// no problem?

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Mike_IntermediateVB" wrote
in message news:47EA11A2-2CF6-4EF9-BAB5-C09F51D0CF2E@microsoft.com...
>> Now, I don't get you on -> I can't get SSL working on external sites.
>
> Answer:
> When I browse to the SSL enabled virtual directory from within my work
> network (ie from my development machine) by providing IE with the full URL
> to
> the resource I want to open, IE displays the page correctly. This URL
> starts
> off Https:// because SSL is enabled on the virtual directory. However when
> I
> go home (out side of my work net wetwork) and try this Https:// url on my
> home computer I get the posted error ('The resource cannot be found.'). If
> uncheck the SSL property on the virtual directory, I can view the page no
> problems form both locations.
>
> Note:By main site, I mean the first site setup and the one that gets the
> most traffic
>
> "Bernard Cheah [MVP]" wrote:
>
>> For starter, SSL cert bind to website level, you can't install cert on
>> virtual directory/file level, however you can control SSL requirement all
>> the way from site to directories or even file level....
>>
>> Now, I don't get you on -> I can't get SSL working on external sites.
>>
>> External site is your main site? http:// working but not https:// what
>> do
>> you get when you browse under https ?
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.iis-resources.com/
>> http://www.iiswebcastseries.com/
>> http://msmvps.com/blogs/bernard/
>>
>>
>> "Mike_IntermediateVB"
>> wrote
>> in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com...
>> > At this stage I just want one virtual directory SSL 'ed. This directory
>> > sits
>> > under our main site. There are 3 other sites using host headers as well
>> > and
>> > no SSL (they are from different domains).
>> >
>> > The main site has the exchange virtual directories under it (which are
>> > using
>> > SSL already), However with the virtual directory I created I can't get
>> > SSL
>> > working on external sites. Maybe I am on the wrong track with host
>> > headers
>> > (as only the main site needs SSL ? and it is already working for
>> > exchange
>> > ?)
>> >
>> > IIS is pretty frustrating, as a developer I just want a method of
>> > passing
>> > secure data to and from remote clients. I am begining to think that I
>> > should
>> > just encrypt all the traffic in code.....probably easier than messing
>> > with
>> > the many IIS settings...
>> >
>> > NOTE: As a developer I only have a light understanding of IIS, we are a
>> > small org and cannot afford a specaist in this area. So it could be
>> > somthing
>> > simple I just need a pointer in the right direction....
>> >
>> > ------------------------------------------------------------ ------------------------------------
>> >
>> > "Bernard Cheah [MVP]" wrote:
>> >
>> >> Well, depending on your needs and number of sites you plan to SSL'ed.
>> >> Wildcard cert is typicall more expensive then normal SSL cert, also
>> >> wildcard
>> >> cert work at top domain level. e.g. all your sites must have the same
>> >> *.domain.com, else you need more than 1 cert.
>> >>
>> >> With w2k3 SP1, you can sort of have host header work with SSL cert,
>> >> but
>> >> take
>> >> note again the catch here is that all sites must be in same top domain
>> >> *.domain.com
>> >>
>> >> --
>> >> Regards,
>> >> Bernard Cheah
>> >> http://www.iis-resources.com/
>> >> http://www.iiswebcastseries.com/
>> >> http://msmvps.com/blogs/bernard/
>> >>
>> >>
>> >> "Mike_IntermediateVB"
>> >> wrote
>> >> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com...
>> >> >I am trying to set up a virtual directory that uses SSL (at the
>> >> >moment
>> >> >it
>> >> > just contains index.htm). Once all the various settings are set I
>> >> > can
>> >> > navigate to this page from within my network (but external sites
>> >> > produce a
>> >> > page not found error) If I switch off ‘Require SSL’ I can
>> >> > navigate
>> >> > to
>> >> > the
>> >> > index page no problem (internal and external). I have tried various
>> >> > fixs
>> >> > to
>> >> > this probelm, but I think the issue could be to do with host headers
>> >> > ?
>> >> >
>> >> > We use host headers because we have a few sites hosted on our
>> >> > webserver.
>> >> > My
>> >> > question is do I really need a wildcard cert? I ask because (other
>> >> > than
>> >> > it
>> >> > being a pain/cost to sort out) we host OWA on this sever as well and
>> >> > it
>> >> > uses
>> >> > SSL and does not seam to have a wild card cert ?!?!
>> >>
>> >>
>> >>
>>
>>
>>

Re: Do I really need a wild card certificate ?

Looks like you and Funkadyleik are correct it is a network issue, recently we
had problems with our OWA so a contractor was cllaed in to fix it. He set up
OWA on another machine and redirected port 443 traffic to this new box (via
the router/netscreen/firewall thingys) So that explains the behaviour I
experienced; my traffic (from outside the network that goes through the
router) was being diverted to a machine with none of my pages on it. Hence
page not found errors I guess.....
Phew.. I am glad I am not going mad. Now I know what the issue is I can work
towards fixing it (probably get another IP address I guess).

Thanks to both of you for taking the time to answer my questions. I would
never have found the problem otherwise.

"Bernard Cheah [MVP]" wrote:

> In this case, this is more related to network question as internally the
> https site is working fine.
> check:
> - if you can ping the server from remote side
> - check if the firewall allow port 443 traffic (https) to your server
>
> browsing the site http:// no problem?
>
> --
> Regards,
> Bernard Cheah
> http://www.iis-resources.com/
> http://www.iiswebcastseries.com/
> http://msmvps.com/blogs/bernard/
>
>
> "Mike_IntermediateVB" wrote
> in message news:47EA11A2-2CF6-4EF9-BAB5-C09F51D0CF2E@microsoft.com...
> >> Now, I don't get you on -> I can't get SSL working on external sites.
> >
> > Answer:
> > When I browse to the SSL enabled virtual directory from within my work
> > network (ie from my development machine) by providing IE with the full URL
> > to
> > the resource I want to open, IE displays the page correctly. This URL
> > starts
> > off Https:// because SSL is enabled on the virtual directory. However when
> > I
> > go home (out side of my work net wetwork) and try this Https:// url on my
> > home computer I get the posted error ('The resource cannot be found.'). If
> > uncheck the SSL property on the virtual directory, I can view the page no
> > problems form both locations.
> >
> > Note:By main site, I mean the first site setup and the one that gets the
> > most traffic
> >
> > "Bernard Cheah [MVP]" wrote:
> >
> >> For starter, SSL cert bind to website level, you can't install cert on
> >> virtual directory/file level, however you can control SSL requirement all
> >> the way from site to directories or even file level....
> >>
> >> Now, I don't get you on -> I can't get SSL working on external sites.
> >>
> >> External site is your main site? http:// working but not https:// what
> >> do
> >> you get when you browse under https ?
> >>
> >> --
> >> Regards,
> >> Bernard Cheah
> >> http://www.iis-resources.com/
> >> http://www.iiswebcastseries.com/
> >> http://msmvps.com/blogs/bernard/
> >>
> >>
> >> "Mike_IntermediateVB"
> >> wrote
> >> in message news:EB41192C-2D62-4D70-B774-E71FA6FA4202@microsoft.com...
> >> > At this stage I just want one virtual directory SSL 'ed. This directory
> >> > sits
> >> > under our main site. There are 3 other sites using host headers as well
> >> > and
> >> > no SSL (they are from different domains).
> >> >
> >> > The main site has the exchange virtual directories under it (which are
> >> > using
> >> > SSL already), However with the virtual directory I created I can't get
> >> > SSL
> >> > working on external sites. Maybe I am on the wrong track with host
> >> > headers
> >> > (as only the main site needs SSL ? and it is already working for
> >> > exchange
> >> > ?)
> >> >
> >> > IIS is pretty frustrating, as a developer I just want a method of
> >> > passing
> >> > secure data to and from remote clients. I am begining to think that I
> >> > should
> >> > just encrypt all the traffic in code.....probably easier than messing
> >> > with
> >> > the many IIS settings...
> >> >
> >> > NOTE: As a developer I only have a light understanding of IIS, we are a
> >> > small org and cannot afford a specaist in this area. So it could be
> >> > somthing
> >> > simple I just need a pointer in the right direction....
> >> >
> >> > ------------------------------------------------------------ ------------------------------------
> >> >
> >> > "Bernard Cheah [MVP]" wrote:
> >> >
> >> >> Well, depending on your needs and number of sites you plan to SSL'ed.
> >> >> Wildcard cert is typicall more expensive then normal SSL cert, also
> >> >> wildcard
> >> >> cert work at top domain level. e.g. all your sites must have the same
> >> >> *.domain.com, else you need more than 1 cert.
> >> >>
> >> >> With w2k3 SP1, you can sort of have host header work with SSL cert,
> >> >> but
> >> >> take
> >> >> note again the catch here is that all sites must be in same top domain
> >> >> *.domain.com
> >> >>
> >> >> --
> >> >> Regards,
> >> >> Bernard Cheah
> >> >> http://www.iis-resources.com/
> >> >> http://www.iiswebcastseries.com/
> >> >> http://msmvps.com/blogs/bernard/
> >> >>
> >> >>
> >> >> "Mike_IntermediateVB"
> >> >> wrote
> >> >> in message news:F2A32E8E-C589-45C0-A095-A5B326961023@microsoft.com...
> >> >> >I am trying to set up a virtual directory that uses SSL (at the
> >> >> >moment
> >> >> >it
> >> >> > just contains index.htm). Once all the various settings are set I
> >> >> > can
> >> >> > navigate to this page from within my network (but external sites
> >> >> > produce a
> >> >> > page not found error) If I switch off ‘Require SSL’ I can
> >> >> > navigate
> >> >> > to
> >> >> > the
> >> >> > index page no problem (internal and external). I have tried various
> >> >> > fixs
> >> >> > to
> >> >> > this probelm, but I think the issue could be to do with host headers
> >> >> > ?
> >> >> >
> >> >> > We use host headers because we have a few sites hosted on our
> >> >> > webserver.
> >> >> > My
> >> >> > question is do I really need a wildcard cert? I ask because (other
> >> >> > than
> >> >> > it
> >> >> > being a pain/cost to sort out) we host OWA on this sever as well and
> >> >> > it
> >> >> > uses
> >> >> > SSL and does not seam to have a wild card cert ?!?!
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>