Multiple website in single IP, host header and SSL problem

Hi,

I have websites hosted in one server, single IP address using host header in
IIS 6.0 (windows 2003 standard ed.)
For illustration, in IIS I created 4 websites for respective domain name
indentified on host header:

www.domain1.com
domain1.com
www.domain2.com
domain2.com

I installed SSL on website www.domain1.com
If I type https://www.domain1.com works fine.
If I type https://domain1.com should be OK, although promp security for
different site name

Problem is, if I type https://www.domain2.com or https://domain2.com, it
prompt security message and display www.domain1.com content.

Should be something wrong in my configuration.

I very appreciate for any person who can help solve this problem.

Thank you,
Martin Adhie

Re: Multiple website in single IP, host header and SSL problem

There is nothing wrong with your configuration. Because there is only one
SSL-enabled website, any SSL requests will go through to that website.
Host-Headers can not be used with SSL, because the Host header sent from the
browser is encrypted so IIS can't use it to route requests to websites: only
IP addresses and port numbers can be used.

Cheers
Ken

"prof_martin" wrote in message
news:F7CE0384-E8FE-491E-922F-E73CFEA7E369@microsoft.com...
> Hi,
>
> I have websites hosted in one server, single IP address using host header
> in
> IIS 6.0 (windows 2003 standard ed.)
> For illustration, in IIS I created 4 websites for respective domain name
> indentified on host header:
>
> www.domain1.com
> domain1.com
> www.domain2.com
> domain2.com
>
> I installed SSL on website www.domain1.com
> If I type https://www.domain1.com works fine.
> If I type https://domain1.com should be OK, although promp security for
> different site name
>
> Problem is, if I type https://www.domain2.com or https://domain2.com, it
> prompt security message and display www.domain1.com content.
>
> Should be something wrong in my configuration.
>
> I very appreciate for any person who can help solve this problem.
>
> Thank you,
> Martin Adhie
>

Re: Multiple website in single IP, host header and SSL problem

Hi Ken, Thanks for the reply,

Now I understand how it can be like that. Anyway Bernard Cheah already told
me that Win2003 SP1 can solve the issue of having SSL if using host header.
I'll try to work on it.

Thanks I appreciate that.
Martin Adhie

"Ken Schaefer" wrote:

> There is nothing wrong with your configuration. Because there is only one
> SSL-enabled website, any SSL requests will go through to that website.
> Host-Headers can not be used with SSL, because the Host header sent from the
> browser is encrypted so IIS can't use it to route requests to websites: only
> IP addresses and port numbers can be used.
>
> Cheers
> Ken
>
> "prof_martin" wrote in message
> news:F7CE0384-E8FE-491E-922F-E73CFEA7E369@microsoft.com...
> > Hi,
> >
> > I have websites hosted in one server, single IP address using host header
> > in
> > IIS 6.0 (windows 2003 standard ed.)
> > For illustration, in IIS I created 4 websites for respective domain name
> > indentified on host header:
> >
> > www.domain1.com
> > domain1.com
> > www.domain2.com
> > domain2.com
> >
> > I installed SSL on website www.domain1.com
> > If I type https://www.domain1.com works fine.
> > If I type https://domain1.com should be OK, although promp security for
> > different site name
> >
> > Problem is, if I type https://www.domain2.com or https://domain2.com, it
> > prompt security message and display www.domain1.com content.
> >
> > Should be something wrong in my configuration.
> >
> > I very appreciate for any person who can help solve this problem.
> >
> > Thank you,
> > Martin Adhie
> >
>
>
>

Re: Multiple website in single IP, host header and SSL problem

prof_martin wrote:

>Hi,
>
>I have websites hosted in one server, single IP address using host header
>in
>IIS 6.0 (windows 2003 standard ed.)
>For illustration, in IIS I created 4 websites for respective domain name
>indentified on host header:
>
>www.domain1.com
>domain1.com
>www.domain2.com
>domain2.com
>
>I installed SSL on website www.domain1.com
>If I type https://www.domain1.com works fine.
>If I type https://domain1.com should be OK, although promp security for
>different site name
>
>Problem is, if I type https://www.domain2.com or https://domain2.com, it
>prompt security message and display www.domain1.com content.
>
>Should be something wrong in my configuration.

You can only use host headers and SSL together on a single IP if you have
a wildcard SSL certificate and all the host headers belong to the same
common domain (that's on the SSL certificate).

For any other SSL scenario, you need one IP per SSL site.

The reason for the difficulty is that the host header in the request is
*inside* the encrypted request, which must therefore be decrypted before
the header can be read. But the request must be handed off to a website
before it can be decrypted. ie it's a chicken and egg situation (you need
the header to decide which site, but you need the site to get at the
header).


--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

Re: Multiple website in single IP, host header and SSL problem

This only works if you have a wildcard SSL certification (*.domain.com) and
all your hosts belong to the same domain. It does not work if you have
domain1.com and domain2.com

Cheers
Ken

"prof_martin" wrote in message
news:032D45ED-30BA-475B-9E43-DFD131B680CF@microsoft.com...
> Hi Ken, Thanks for the reply,
>
> Now I understand how it can be like that. Anyway Bernard Cheah already
> told
> me that Win2003 SP1 can solve the issue of having SSL if using host
> header.
> I'll try to work on it.
>
> Thanks I appreciate that.
> Martin Adhie
>
> "Ken Schaefer" wrote:
>
>> There is nothing wrong with your configuration. Because there is only one
>> SSL-enabled website, any SSL requests will go through to that website.
>> Host-Headers can not be used with SSL, because the Host header sent from
>> the
>> browser is encrypted so IIS can't use it to route requests to websites:
>> only
>> IP addresses and port numbers can be used.
>>
>> Cheers
>> Ken
>>
>> "prof_martin" wrote in message
>> news:F7CE0384-E8FE-491E-922F-E73CFEA7E369@microsoft.com...
>> > Hi,
>> >
>> > I have websites hosted in one server, single IP address using host
>> > header
>> > in
>> > IIS 6.0 (windows 2003 standard ed.)
>> > For illustration, in IIS I created 4 websites for respective domain
>> > name
>> > indentified on host header:
>> >
>> > www.domain1.com
>> > domain1.com
>> > www.domain2.com
>> > domain2.com
>> >
>> > I installed SSL on website www.domain1.com
>> > If I type https://www.domain1.com works fine.
>> > If I type https://domain1.com should be OK, although promp security for
>> > different site name
>> >
>> > Problem is, if I type https://www.domain2.com or https://domain2.com,
>> > it
>> > prompt security message and display www.domain1.com content.
>> >
>> > Should be something wrong in my configuration.
>> >
>> > I very appreciate for any person who can help solve this problem.
>> >
>> > Thank you,
>> > Martin Adhie
>> >
>>
>>
>>