LAN SSL to External connection

on 30.07.2007 21:42:03 by Ryan

Details:
1) I have 3 sites, all lan. (default, companyweb, and newsite).
2) 2 have the default SSL port set up (default - 443, companyweb - 444)
3) SBS Box has 2 network cards (direct internet, lan)
4) Lan has 2 assigned ips (192.168.1.1, 192.168.1.2)
5) default (all unassigned), companyweb (192.168.1.1), newsite (192.168.1.2)

Question:
How do I go about setting up SSL on the newsite?? I just need it to send
secure billing info to a remote SSL merchant gateway.

Re: LAN SSL to External connection

on 31.07.2007 04:15:13 by David Wang

On Jul 30, 12:42 pm, Ryan wrote:
> Details:
> 1) I have 3 sites, all lan. (default, companyweb, and newsite).
> 2) 2 have the default SSL port set up (default - 443, companyweb - 444)
> 3) SBS Box has 2 network cards (direct internet, lan)
> 4) Lan has 2 assigned ips (192.168.1.1, 192.168.1.2)
> 5) default (all unassigned), companyweb (192.168.1.1), newsite (192.168.1.2)
>
> Question:
> How do I go about setting up SSL on the newsite?? I just need it to send
> secure billing info to a remote SSL merchant gateway.



You don't need to set up SSL if you just want to send secure billing
info to somewhere else.

You will need to set up SSL if you want to securely retrieve sensitive
information from a client browser to the server.

Please find any FAQ on microsoft.com on how to set up an SSL
Certificate for a website. It basically comes down to:
1. Purchase/Obtain an SSL Server certificate from a trusted source and
install that certificate onto the server -- this is standard security
procedure unrelated to IIS
2. Configure IIS website to use the specific Server certificate from
#1. Just open the IIS Manager UI and do it. Lots of documentation
explains how to do this

If you do anything else, just be aware that it may work, but it is not
really necessary.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Re: LAN SSL to External connection

on 31.07.2007 19:28:03 by Ryan

The merchant gateway requires that data be sent to it using an SSL connection,
so that's why it has to be set up.

Now the part I'm confused about... what do I do about the SSL port number?

Re: LAN SSL to External connection

on 31.07.2007 23:22:00 by Ryan

OK, I think I may be starting to understand this. David, what I think you
were trying to tell me is that SSL is not needed on a Private LAN. With that
in mind, information is already secured being sent from the client computers
to the local server. Now the external connection on my server which will be
sending and retrieving the SSL data is what I need the certificate for.

In regards to the SSL port number, I used 4433 and then routed this port to
the 192.168.1.2 which is my Office Terminal web site that requires the SSL
connection. Now all that remains is to install the SSL certificate... hopefully.

Please let me know if this is correct or not. Many thanks in advance.

Re: LAN SSL to External connection

on 01.08.2007 03:04:37 by David Wang

On Jul 31, 2:22 pm, Ryan wrote:
> OK, I think I may be starting to understand this. David, what I think you
> were trying to tell me is that SSL is not needed on a Private LAN. With that
> in mind, information is already secured being sent from the client computers
> to the local server. Now the external connection on my server which will be
> sending and retrieving the SSL data is what I need the certificate for.
>
> In regards to the SSL port number, I used 4433 and then routed this port to
> the 192.168.1.2 which is my Office Terminal web site that requires the SSL
> connection. Now all that remains is to install the SSL certificate... hopefully.
>
> Please let me know if this is correct or not. Many thanks in advance.




Then, you do not need to set up an SSL Certificate nor port # to be able
to contact your merchant gateway over SSL. It should just work in your
original, default SBS configuration.

This is all you need to do:
1. For your server to send data over SSL to the merchant gateway:
   - need to have code which opens a connection to port 443 on the
     merchant gateway
   - IF merchant gateway requires client certificate authentication,
     then you need to install that certificate on the server
   - NO CONFIGURATION IN IIS NECESSARY
2. For your server to receive data over SSL from a browser client:
   - need to configure an IIS website to listen on port 443 of any
     number of IP addresses
   - need to install SSL Server Certificate and configure the
     appropriate IIS website to use it
   - optionally configure IIS website to require SSL

Based on your recent number of posts in the newsgroup, I suspect you
have a lot of unnecessary and misconfiguration that does not do what
you want to accomplish. Default SBS2003 configuration should just
work. You do not need to touch anything related to IIS to be able to
send data securely to your merchant gateway.

I need you to describe exactly what you want to accomplish, not how
you think it should be configured. I assume you are doing basic
secured commerce transaction, so you need to securely obtain
information from a client browser to your server, which then makes a
secure connection to the merchant gateway, performs some operation,
and sends back the response to the client browser. Please verify.

For example, you say that "information is already secured being sent
from the client computers to the local server". This means that you
must have already configured SSL on the local server. But you say that
you don't have SSL configured -- a contradiction. So, you either are
not securely transmitting information from client computers because
SSL is not configured, or you have SSL configured and have no issue.
Contradictions do not make it easy to provide correct advice.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
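The outbound half of the reply above (item 1: the server acting as an SSL client toward the gateway), as an added example that is not part of the original thread. The host name, path, form-field handling and the TLS 1.2 floor are assumptions chosen for illustration; the point is that only client-side settings are involved, with no server certificate or listening port on the sending machine.

```python
import http.client
import ssl
from urllib.parse import urlencode

# Placeholder gateway host and path: assumptions, not values from the thread.
GATEWAY_HOST = "gateway.example.com"
GATEWAY_PATH = "/charge"


def gateway_context(client_cert=None, client_key=None):
    """TLS *client* settings only; no server certificate or IIS binding is used."""
    ctx = ssl.create_default_context()  # verifies the gateway's chain and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # hardening choice of this example
    if client_cert:  # only when the gateway demands client-certificate authentication
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def open_gateway(host=GATEWAY_HOST, ctx=None, timeout=10):
    """Prepare an outbound connection to port 443; nothing is sent until request()."""
    return http.client.HTTPSConnection(
        host, 443, context=ctx or gateway_context(), timeout=timeout)


def submit_billing(fields, host=GATEWAY_HOST, path=GATEWAY_PATH, ctx=None):
    """POST form fields over TLS. Returns (status, body) or (None, reason)."""
    conn = open_gateway(host, ctx)
    try:
        # The TLS handshake finishes before any request bytes are written, so an
        # untrusted or mismatched gateway certificate stops the billing data
        # from leaving the server.
        conn.request("POST", path, body=urlencode(fields),
                     headers={"Content-Type": "application/x-www-form-urlencoded"})
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", "replace")
    except ssl.SSLCertVerificationError as exc:
        return None, "gateway certificate rejected: %s" % exc.verify_message
    except OSError as exc:
        return None, "connection failed: %s" % exc
    finally:
        conn.close()
```

The inbound half (item 2, browser to server) is the only place a server certificate and an IIS port binding come into play.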

Re: LAN SSL to External connection

on 01.08.2007 18:32:05 by Ryan

I'm trying to do exactly what you stated:
"I assume you are doing basic secured commerce transaction, so you need to
securely obtain information from a client browser to your server, which then
makes a secure connection to the merchant gateway, performs some operation,
and sends back the response to the client browser."

My current configuration is very basic. I have only added an additional IP
address to my LAN NIC which through DNS routes to my Office Terminal web
site. The Office Terminal web site is set up on 192.168.1.2, companyweb on
192.168.1.1, and default on (all unassigned). In addition to that I set 4433
as the SSL port and then forwarded the port to 192.168.1.2. That's all that has
been done.

I do not have a secured connection between the clients and the local server,
nor the local server and the merchant's remote server. I know the merchant
requires an SSL connection, but I do not know if they require an SSL
certificate.

The contradiction came because I have no idea if I really need a secured
connection between the clients and the local server being that it is a
Private LAN anyways... and all external client connections to the local
server are made through VPN.

Please fill in the gaps of my ssl knowledge.

Re: LAN SSL to External connection

on 01.08.2007 18:50:04 by Ryan

Question:
To "configure an IIS website to listen on port 443 of any
number of IP addresses", will that require a wildcard certificate? If so, I
need another option in setting up SSL because a wildcard certificate is
simply too expensive.