Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Multiple Web Sites and SSL

Multiple Web Sites and SSL 10 years 1 month ago #17707

  • tfs
  • tfs's Avatar
  • Offline
  • Expert Member
  • Posts: 521
  • Karma: 0
We have a server at work that handles 4 web sites. We are running IIS6 and have to have at least on secure page on each web site.

Standard Port for SSL is 443. The problem is that you can only have one Web Site (application) using an SSL port.

We solved the problem by using non-standard ports 8443, 8444,8445,8446 - one for each site.

This works fine for most cases. The problem is that we now find that you will have problems with companies that have Proxy servers. They apparently have only 443 open for SSL by default. So any company that signs up with us that have a Proxy Server would have to modify the Proxy to allow one of these non-standard ports. Not really a good idea.

The only way around this problem (that I can figure out) is to have one Server for each Web Site. Very expensive. Especially since a couple of these sites have very little traffice (at the moment).

So if I have 6 web sites I would need 6 servers.

Is there a better way around this problem?
Thanks,

Tom
The administrator has disabled public write access.

Re: Multiple Web Sites and SSL 10 years 1 month ago #17708

  • d_jabsd
  • d_jabsd's Avatar
  • Offline
  • Distinguished Member
  • Posts: 153
  • Karma: 0
You don't need 6 servers, but you do need 6 IPs and you need to specify which site is listening on each IP. By default, IIS listens on all interfaces and addresses for every site you configure.

The default works great for non-ssl sites, as it is just name-based hosting, but ssl doesn't work with name-based hosting.
The administrator has disabled public write access.

Re: Multiple Web Sites and SSL 10 years 1 month ago #17712

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Another way that may work with this is if you publish through ISA Server. If you terminate the SSL connections on the ISA Server you can then publish to the correct host header on HTTP only on the inside, then the host headers will take over. I have never really tested it but i believe this is easy to acheive.

Hope that makes sense.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

Re: Multiple Web Sites and SSL 10 years 1 month ago #17741

  • d_jabsd
  • d_jabsd's Avatar
  • Offline
  • Distinguished Member
  • Posts: 153
  • Karma: 0
Smurf,

Thats not a bad idea and its how SSL Accelerators (like the ones offered by F5) usually work, soo it shouldn't be too difficult to do. You could probably share the cert between 2 ISA boxen for redunancy if it allows it.
The administrator has disabled public write access.
Time to create page: 0.078 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup