Adding SSL to a framed website
Adding SSL to a framed website
am 19.04.2007 17:12:37 von Steve
Hi all,
I have two websites (www.site1.com and www.site2.com) running on IIS on two
different machines. One of the pages on site1 uses frames, and the main
frame contains a page from site2. I wish to enable SSL on both sites, but am
concerned that when the frames-page on site1 is accessed the browser will
complain that for the frames-embedded content the URL in the address bar
(www.site1.com) does not match the certificate (which will be from site2).
Is this the case, or will the content from site2 be displayed OK?
Thanks
steve
Re: Adding SSL to a framed website
am 20.04.2007 10:14:01 von Daniel Crichton
steve wrote on Thu, 19 Apr 2007 15:12:37 GMT:
> Hi all,
>
> I have two websites (www.site1.com and www.site2.com) running on IIS on
> two different machines. One of the pages on site1 uses frames, and the
> main frame contains a page from site2. I wish to enable SSL on both sites,
> but am concerned that when the frames-page on site1 is accessed the
> browser will complain that for the frames-embedded content the URL in the
> address bar (www.site1.com) does not match the certificate (which will be
> from site2). Is this the case, or will the content from site2 be displayed
> OK?
I've tested using my own SSL sites with IE7 and FF2, and both are happy with
it.
Dan
Re: Adding SSL to a framed website
am 20.04.2007 11:31:51 von David Wang
The browser won't complain if you enable SSL correctly on site2. The
reason is because the browser does NOT compare the URL in the address
bar against site2's certificate. It compares the URL that causes it to
make the SSL request (i.e. when the user clicks on the site2 link
located in the site1 frame to make a SSL request to site2) against the
certificate that comes back from negotiating that SSL request (i.e.
the server certificate returned by accessing site2).
In a non-frames situation, the URL in the address bar is a decent
approximation of the URL you clicked on to make the SSL request (not
100% correct because there can be redirections and forward-proxying
scenarios), so one may *think* that the browser compares the URL in
the address bar against the resulting SSL server certificate , but it
is not the case.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Apr 19, 8:12 am, "steve" wrote:
> Hi all,
>
> I have two websites (www.site1.comandwww.site2.com) running on IIS on two
> different machines. One of the pages on site1 uses frames, and the main
> frame contains a page from site2. I wish to enable SSL on both sites, but am
> concerned that when the frames-page on site1 is accessed the browser will
> complain that for the frames-embedded content the URL in the address bar
> (www.site1.com) does not match the certificate (which will be from site2).
> Is this the case, or will the content from site2 be displayed OK?
>
> Thanks
> steve
Re: Adding SSL to a framed website
am 23.04.2007 14:42:02 von Steve
"David Wang" wrote in message
news:1177061511.777495.233100@b75g2000hsg.googlegroups.com.. .
> The browser won't complain if you enable SSL correctly on site2. The
> reason is because the browser does NOT compare the URL in the address
> bar against site2's certificate. It compares the URL that causes it to
> make the SSL request (i.e. when the user clicks on the site2 link
> located in the site1 frame to make a SSL request to site2) against the
> certificate that comes back from negotiating that SSL request (i.e.
> the server certificate returned by accessing site2).
>
> In a non-frames situation, the URL in the address bar is a decent
> approximation of the URL you clicked on to make the SSL request (not
> 100% correct because there can be redirections and forward-proxying
> scenarios), so one may *think* that the browser compares the URL in
> the address bar against the resulting SSL server certificate , but it
> is not the case.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
> On Apr 19, 8:12 am, "steve" wrote:
>> Hi all,
>>
>> I have two websites (www.site1.comandwww.site2.com) running on IIS on two
>> different machines. One of the pages on site1 uses frames, and the main
>> frame contains a page from site2. I wish to enable SSL on both sites, but
>> am
>> concerned that when the frames-page on site1 is accessed the browser will
>> complain that for the frames-embedded content the URL in the address bar
>> (www.site1.com) does not match the certificate (which will be from
>> site2).
>> Is this the case, or will the content from site2 be displayed OK?
>>
>> Thanks
>> steve
Thanks to both of you for your replies - it's much appreciated!
steve
Re: Adding SSL to a framed website
am 28.04.2007 12:50:38 von hordenador
"steve" escribió en el mensaje
news:EFLVh.363681$Wg6.353306@fe07.news.easynews.com...
> Hi all,
>
> I have two websites (www.site1.com and www.site2.com) running on IIS on
> two different machines. One of the pages on site1 uses frames, and the
> main frame contains a page from site2. I wish to enable SSL on both sites,
> but am concerned that when the frames-page on site1 is accessed the
> browser will complain that for the frames-embedded content the URL in the
> address bar (www.site1.com) does not match the certificate (which will be
> from site2). Is this the case, or will the content from site2 be displayed
> OK?
>
> Thanks
> steve
>
>