SSL on non-standard port question
on 02.08.2007 23:30:01 by Ryan
I have one (1) public IP address running through a NAT router, and three (3)
private network sites set up on my server:
--> default - LAN IP: all unassigned - SSL: 443
--> companyweb - LAN IP: 192.168.1.1 - SSL: 444
--> newsite - LAN IP: 192.168.1.2 - SSL: 4433
My question is... will a certificate work with 'newsite' using this set-up?
And if so, what special process, if anything, will need to be done when
requesting my certificate for port 4433?
Re: SSL on non-standard port question
on 03.08.2007 05:50:24 by Ken Schaefer
When you request a certificate, you only need to enter the "common name" of
the site. The port is irrelevant.
You can access this site as:
https://newsite:4433/
That said, obviously "newsite" is not resolvable on the public internet, so
when you port forward port 4433 to your internal site, you'd probably access
the site as http://xx.xx.xx.xx:4433/ (where xx.xx.xx.xx is your public IP
address), and you'd get an error saying that "xx.xx.xx.xx" does not match
the common name in the certificate that is being presented, and asking you
whether you still wish to visit the site or not.
Cheers
Ken
"Ryan" wrote in message
news:A7A12922-8EE0-4A31-B3C2-7498FB75FECB@microsoft.com...
> I have one (1) public IP address running through a NAT router, and three (3)
> private network sites set up on my server:
> --> default - LAN IP: all unassigned - SSL: 443
> --> companyweb - LAN IP: 192.168.1.1 - SSL: 444
> --> newsite - LAN IP: 192.168.1.2 - SSL: 4433
>
> My question is... will a certificate work with 'newsite' using this
> set-up?
> And if so, what special process, if anything, will need to be done when
> requesting my certificate for port 4433?
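The name check described in the reply above, as an added example that is not part of the original thread: the client compares only the host part of the URL with the names in the certificate, so the port never enters the comparison, while an IP address in the URL fails against a certificate issued for "newsite". The function names are hypothetical, 203.0.113.10 is a placeholder for the public IP, and the example goes slightly beyond the thread by also handling wildcard names and IP entries in the certificate.

```python
import ipaddress
from urllib.parse import urlsplit

def host_from_url(url):
    """Return the host a TLS client checks against the certificate (port dropped)."""
    return urlsplit(url).hostname

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Match one certificate DNS name against a host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label, the left-most, and never a bare TLD.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches_url(url, dns_names, ip_addresses=()):
    """True if a certificate carrying these names is valid for the URL's host."""
    host = host_from_url(url)
    if not host:
        return False
    if is_ip_literal(host):
        # An IP in the URL only matches an IP entry in the certificate, never a DNS name.
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in ip_addresses)
    return any(dns_name_matches(name, host) for name in dns_names)

# Constructed sample: a certificate issued for the name "newsite" only.
CERT_DNS_NAMES = ["newsite"]
SAMPLE_URLS = [
    "https://newsite:4433/",       # name matches, port plays no part
    "https://newsite/",            # same name on 443: same result
    "https://192.168.1.2:4433/",   # LAN IP from the thread: name mismatch
    "https://203.0.113.10:4433/",  # placeholder public IP: name mismatch
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", "ok" if cert_matches_url(url, CERT_DNS_NAMES) else "name mismatch")
```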
Re: SSL on non-standard port question
on 03.08.2007 18:34:01 by Ryan
I understand what you're saying about the public ip, how the port will be
needed, and how I will in fact get an error, but I am not looking for the
site to be accessed by the public. So being that 'newsite' is a private
intranet...
1) How can I prevent public access to the port, if possible?
2) Will I experience the same domain forwarding issues for clients accessing
via VPN?
Also, if not a problem, I'm not that up on VPN so if you could direct me to an
article explaining the ins and outs of setting up VPN access on a new intranet
site.
Thanks in advance.
Re: SSL on non-standard port question
on 04.08.2007 08:11:02 by Ken Schaefer
"Ryan" wrote in message
news:CA46E77E-D6B1-4C05-A9F5-567B9AF12DFB@microsoft.com...
> I understand what you're saying about the public ip, how the port will be
> needed, and how I will in fact get an error, but I am not looking for the
> site to be accessed by the public. So being that 'newsite' is a private
> intranet...
>
> 1) How can I prevent public access to the port, if possible?
If you are behind a NAT router, then simply do not "port forward" anything to
your internal "newsite".
> 2) Will I experience the same domain forwarding issues for clients accessing
> via VPN?
That depends entirely on how you configure your site. VPN technology has no
effect on accessing a site via SSL.
> Also, if not a problem, I'm not that up on VPN so if you could direct me to an
> article explaining the ins and outs of setting up VPN access on a new intranet
> site.
VPNs have nothing to do with accessing an intranet website. VPNs are about
logically connecting a physically remote client to your internal network.
Once they are connected, they act just like any other client on your
internal network.
Cheers
Ken