HTTPS while hosting several virtual sites

I run an IIS6 server that hosts several virtual sites. I have a few sites
that require SSL so I've bound a static IP address to the NIC and then to
those particualr sites. My issue is this: CompanyA requires SSL. I've
bound, for example, 192.168.100.100 to a NIC and the IP address for
CompanqA's web site is 192.168.100.100. https://www.companya.com works fine.
However, CompanyB does not require SSL so I've assigned it's web site
address within IIS to All Unassigned. If I browse to
http://www.companyb.com, everything works just fine. However, when I browse
to https://www.companyb.com, it will bring up CompanyA's web site even though
I've put no port number in the SSL port of Web site tab. Why does IIS go to
an incorrect https web site if the one you're designating within your browse
does not have an SSl port designated? How can I keep this from happening?

Thanks in advance...
Troy

Re: HTTPS while hosting several virtual sites

Hi,

The ssl configuration is per ip so you can attach 1 certificate per ip
address, therefore when there are multiple websites on that ip address you
will always go to that website with https.

I think the only way to solve this is to put the websites on different ip
adresses.

Floris

"Troy" wrote in message
news:E1C966F5-A531-44CD-BE7C-2773F43307A6@microsoft.com...
>I run an IIS6 server that hosts several virtual sites. I have a few sites
> that require SSL so I've bound a static IP address to the NIC and then to
> those particualr sites. My issue is this: CompanyA requires SSL. I've
> bound, for example, 192.168.100.100 to a NIC and the IP address for
> CompanqA's web site is 192.168.100.100. https://www.companya.com works
> fine.
> However, CompanyB does not require SSL so I've assigned it's web site
> address within IIS to All Unassigned. If I browse to
> http://www.companyb.com, everything works just fine. However, when I
> browse
> to https://www.companyb.com, it will bring up CompanyA's web site even
> though
> I've put no port number in the SSL port of Web site tab. Why does IIS go
> to
> an incorrect https web site if the one you're designating within your
> browse
> does not have an SSl port designated? How can I keep this from happening?
>
> Thanks in advance...
> Troy

Re: HTTPS while hosting several virtual sites

CompanyB needs to be on a different, specific, IP address, and not
"unassigned".
Anthony,
http://www.airdesk.co.uk



"Troy" wrote in message
news:E1C966F5-A531-44CD-BE7C-2773F43307A6@microsoft.com...
>I run an IIS6 server that hosts several virtual sites. I have a few sites
> that require SSL so I've bound a static IP address to the NIC and then to
> those particualr sites. My issue is this: CompanyA requires SSL. I've
> bound, for example, 192.168.100.100 to a NIC and the IP address for
> CompanqA's web site is 192.168.100.100. https://www.companya.com works
> fine.
> However, CompanyB does not require SSL so I've assigned it's web site
> address within IIS to All Unassigned. If I browse to
> http://www.companyb.com, everything works just fine. However, when I
> browse
> to https://www.companyb.com, it will bring up CompanyA's web site even
> though
> I've put no port number in the SSL port of Web site tab. Why does IIS go
> to
> an incorrect https web site if the one you're designating within your
> browse
> does not have an SSl port designated? How can I keep this from happening?
>
> Thanks in advance...
> Troy

Re: HTTPS while hosting several virtual sites

CompanyB is on it's own IP address. Not to mention, I have CompanyC and
CompanyD which require SSl and they have their own IP address assigned to
them as well. The problem occurs when someone accidently uses
https://www.CompanyA.com which is NOT assigned an IP address, does NOT have
an SSL certificate and, does NOT have an SSL port specified within the site
setup. Hope all this makes sense???

"Anthony" wrote:

> CompanyB needs to be on a different, specific, IP address, and not
> "unassigned".
> Anthony,
> http://www.airdesk.co.uk
>
>
>
> "Troy" wrote in message
> news:E1C966F5-A531-44CD-BE7C-2773F43307A6@microsoft.com...
> >I run an IIS6 server that hosts several virtual sites. I have a few sites
> > that require SSL so I've bound a static IP address to the NIC and then to
> > those particualr sites. My issue is this: CompanyA requires SSL. I've
> > bound, for example, 192.168.100.100 to a NIC and the IP address for
> > CompanqA's web site is 192.168.100.100. https://www.companya.com works
> > fine.
> > However, CompanyB does not require SSL so I've assigned it's web site
> > address within IIS to All Unassigned. If I browse to
> > http://www.companyb.com, everything works just fine. However, when I
> > browse
> > to https://www.companyb.com, it will bring up CompanyA's web site even
> > though
> > I've put no port number in the SSL port of Web site tab. Why does IIS go
> > to
> > an incorrect https web site if the one you're designating within your
> > browse
> > does not have an SSl port designated? How can I keep this from happening?
> >
> > Thanks in advance...
> > Troy
>
>
>

Re: HTTPS while hosting several virtual sites

Troy,
You just need to make sure that a site that requires SSL and has a
certificate is set up on a dedicated IP address,
Hope that helps,
Anthony,
http://www.airdesk.co.uk






"Troy" wrote in message
news:113D8220-6FAE-4602-AF38-722EE9FC0C20@microsoft.com...
> CompanyB is on it's own IP address. Not to mention, I have CompanyC and
> CompanyD which require SSl and they have their own IP address assigned to
> them as well. The problem occurs when someone accidently uses
> https://www.CompanyA.com which is NOT assigned an IP address, does NOT
> have
> an SSL certificate and, does NOT have an SSL port specified within the
> site
> setup. Hope all this makes sense???
>
> "Anthony" wrote:
>
>> CompanyB needs to be on a different, specific, IP address, and not
>> "unassigned".
>> Anthony,
>> http://www.airdesk.co.uk
>>
>>
>>
>> "Troy" wrote in message
>> news:E1C966F5-A531-44CD-BE7C-2773F43307A6@microsoft.com...
>> >I run an IIS6 server that hosts several virtual sites. I have a few
>> >sites
>> > that require SSL so I've bound a static IP address to the NIC and then
>> > to
>> > those particualr sites. My issue is this: CompanyA requires SSL.
>> > I've
>> > bound, for example, 192.168.100.100 to a NIC and the IP address for
>> > CompanqA's web site is 192.168.100.100. https://www.companya.com works
>> > fine.
>> > However, CompanyB does not require SSL so I've assigned it's web site
>> > address within IIS to All Unassigned. If I browse to
>> > http://www.companyb.com, everything works just fine. However, when I
>> > browse
>> > to https://www.companyb.com, it will bring up CompanyA's web site even
>> > though
>> > I've put no port number in the SSL port of Web site tab. Why does IIS
>> > go
>> > to
>> > an incorrect https web site if the one you're designating within your
>> > browse
>> > does not have an SSl port designated? How can I keep this from
>> > happening?
>> >
>> > Thanks in advance...
>> > Troy
>>
>>
>>

Re: HTTPS while hosting several virtual sites

I may not be explaining this very well... I have approximately 100 "virutal"
web sites on my server and 3 or 4 SSL sites. All SSL sites DO have their own
IP (ex: CompanyA = 192.168.100.100, CompanyC = 192.168.100.101, CompanyD =
192.168.100.102). A fourth IP address bound to the NIC is 192.168.100.99.
All my virtual/non-SSL sites are assigned to the All unassigned IP address
(basically 192.168.100.99) within the site configuration. If I browse to
www.CompanyE.com or www.CompanyF.com or www.CompanyG.com, these all work just
fine. If I browse to www.CompanyA.com, www.CompanyC.com or www.CompanyD.com,
these work fine too. Also, if I browse to https://www.CompanyA.com,
https://www.CompanyC.com or https://www.CompanyD.com, all is well and I'll
notice certificate icon. However, if I browse to https://www.CompanyE.com,
https://www.CompanyF.com, etc, (and remember, these sites do NOT have
certificates as they are not supposed to AND there is no SSL port configured
in the site properties), it will go to one of the SSL sites that is
configured on my IIS server (let's say https://www.CompanyA.com). This does
not make any sense to me. If I browse to an SSL port for a site but the site
configuration does not have port 443 assigned, why is it going to another
site?????

Does this help explain my configuration and what is happening.

"Anthony" wrote:

> Troy,
> You just need to make sure that a site that requires SSL and has a
> certificate is set up on a dedicated IP address,
> Hope that helps,
> Anthony,
> http://www.airdesk.co.uk
>
>
>
>
>
>
> "Troy" wrote in message
> news:113D8220-6FAE-4602-AF38-722EE9FC0C20@microsoft.com...
> > CompanyB is on it's own IP address. Not to mention, I have CompanyC and
> > CompanyD which require SSl and they have their own IP address assigned to
> > them as well. The problem occurs when someone accidently uses
> > https://www.CompanyA.com which is NOT assigned an IP address, does NOT
> > have
> > an SSL certificate and, does NOT have an SSL port specified within the
> > site
> > setup. Hope all this makes sense???
> >
> > "Anthony" wrote:
> >
> >> CompanyB needs to be on a different, specific, IP address, and not
> >> "unassigned".
> >> Anthony,
> >> http://www.airdesk.co.uk
> >>
> >>
> >>
> >> "Troy" wrote in message
> >> news:E1C966F5-A531-44CD-BE7C-2773F43307A6@microsoft.com...
> >> >I run an IIS6 server that hosts several virtual sites. I have a few
> >> >sites
> >> > that require SSL so I've bound a static IP address to the NIC and then
> >> > to
> >> > those particualr sites. My issue is this: CompanyA requires SSL.
> >> > I've
> >> > bound, for example, 192.168.100.100 to a NIC and the IP address for
> >> > CompanqA's web site is 192.168.100.100. https://www.companya.com works
> >> > fine.
> >> > However, CompanyB does not require SSL so I've assigned it's web site
> >> > address within IIS to All Unassigned. If I browse to
> >> > http://www.companyb.com, everything works just fine. However, when I
> >> > browse
> >> > to https://www.companyb.com, it will bring up CompanyA's web site even
> >> > though
> >> > I've put no port number in the SSL port of Web site tab. Why does IIS
> >> > go
> >> > to
> >> > an incorrect https web site if the one you're designating within your
> >> > browse
> >> > does not have an SSl port designated? How can I keep this from
> >> > happening?
> >> >
> >> > Thanks in advance...
> >> > Troy
> >>
> >>
> >>
>
>
>

Re: HTTPS while hosting several virtual sites

Agreed.

Failing to add spacing in one giant paragraph is a step backwards on
explaining it clearly. Who's going to wade through all that?

Stop and think. There's one damn rule you need to know. Certificate sites
need their own IP address. Period. If you are not in that state yet and it
won't bloody work until you get each certificate on it's own IP. That way,
unless your DNS is also horribly messed up users cannot possibly run into
the wrong site because IIS is not listening on that IP for any other site.
If users get the wrong site in SSL mode, you haven't done it right yet.

You obviously do not have a good intuitional feel about how all this works
yet, so perhaps you should follow instructions of the people volunteering
their time who DO know what's going on until you do. If you do want to
learn it, go find "host headers" in Google and sit down and read how it
works, if you understand that, then the reasons for it working (not working)
the way you describe are obvious.

Your certificate-less sites can all run on one IP, BUT NOT ON AN IP USED BY
A CERTIFICATE. BECAUSE WHEN THE CERT IS USED, THE DATA IIS USES TO GET TO
THE NON-CERT SITES IS ENCRYPTED.

There should be NO sites using "all unassigned" on your server. (That's a
stupid way to go about things, and is great way to get confused. Despite
what Microsoft thinks you should be able to do, doing things the "lazy way"
is not a good idea.)

Move your certs sites to their own IPs, and keep the non-cert sites off of
those IPs and it will work.

"Troy" wrote in message
news:339880AA-AC07-4F38-AD72-C3C3A8B43694@microsoft.com...
>I may not be explaining this very well... I have approximately 100
>"virutal"
> web sites on my server and 3 or 4 SSL sites. All SSL sites DO have their
> own
> IP (ex: CompanyA = 192.168.100.100, CompanyC = 192.168.100.101, CompanyD =
> 192.168.100.102). A fourth IP address bound to the NIC is 192.168.100.99.
> All my virtual/non-SSL sites are assigned to the All unassigned IP address
> (basically 192.168.100.99) within the site configuration. If I browse to
> www.CompanyE.com or www.CompanyF.com or www.CompanyG.com, these all work
> just
> fine. If I browse to www.CompanyA.com, www.CompanyC.com or
> www.CompanyD.com,
> these work fine too. Also, if I browse to https://www.CompanyA.com,
> https://www.CompanyC.com or https://www.CompanyD.com, all is well and I'll
> notice certificate icon. However, if I browse to
> https://www.CompanyE.com,
> https://www.CompanyF.com, etc, (and remember, these sites do NOT have
> certificates as they are not supposed to AND there is no SSL port
> configured
> in the site properties), it will go to one of the SSL sites that is
> configured on my IIS server (let's say https://www.CompanyA.com). This
> does
> not make any sense to me. If I browse to an SSL port for a site but the
> site
> configuration does not have port 443 assigned, why is it going to another
> site?????
>
> Does this help explain my configuration and what is happening.
>
> "Anthony" wrote:
>
>> Troy,
>> You just need to make sure that a site that requires SSL and has a
>> certificate is set up on a dedicated IP address,
>> Hope that helps,
>> Anthony,
>> http://www.airdesk.co.uk
>>
>>
>>
>>
>>
>>
>> "Troy" wrote in message
>> news:113D8220-6FAE-4602-AF38-722EE9FC0C20@microsoft.com...
>> > CompanyB is on it's own IP address. Not to mention, I have CompanyC
>> > and
>> > CompanyD which require SSl and they have their own IP address assigned
>> > to
>> > them as well. The problem occurs when someone accidently uses
>> > https://www.CompanyA.com which is NOT assigned an IP address, does NOT
>> > have
>> > an SSL certificate and, does NOT have an SSL port specified within the
>> > site
>> > setup. Hope all this makes sense???
>> >
>> > "Anthony" wrote:
>> >
>> >> CompanyB needs to be on a different, specific, IP address, and not
>> >> "unassigned".
>> >> Anthony,
>> >> http://www.airdesk.co.uk
>> >>
>> >>
>> >>
>> >> "Troy" wrote in message
>> >> news:E1C966F5-A531-44CD-BE7C-2773F43307A6@microsoft.com...
>> >> >I run an IIS6 server that hosts several virtual sites. I have a few
>> >> >sites
>> >> > that require SSL so I've bound a static IP address to the NIC and
>> >> > then
>> >> > to
>> >> > those particualr sites. My issue is this: CompanyA requires SSL.
>> >> > I've
>> >> > bound, for example, 192.168.100.100 to a NIC and the IP address for
>> >> > CompanqA's web site is 192.168.100.100. https://www.companya.com
>> >> > works
>> >> > fine.
>> >> > However, CompanyB does not require SSL so I've assigned it's web
>> >> > site
>> >> > address within IIS to All Unassigned. If I browse to
>> >> > http://www.companyb.com, everything works just fine. However, when
>> >> > I
>> >> > browse
>> >> > to https://www.companyb.com, it will bring up CompanyA's web site
>> >> > even
>> >> > though
>> >> > I've put no port number in the SSL port of Web site tab. Why does
>> >> > IIS
>> >> > go
>> >> > to
>> >> > an incorrect https web site if the one you're designating within
>> >> > your
>> >> > browse
>> >> > does not have an SSl port designated? How can I keep this from
>> >> > happening?
>> >> >
>> >> > Thanks in advance...
>> >> > Troy
>> >>
>> >>
>> >>
>>
>>
>>