In IIS server 10,i assign a ssl to my site and run it and everything is good and certificate work correctly but in my network( all of IP such as IIS server and clients are same IP); but when I'm testing the site from local client prompt me " unsecure connection"
What can i do?
Problem in IIS Server 10
The browser warns of this error, which only contains CN (Common Name) but no corresponding SAN (Service Alternative Name). so you have to set the hostname in iis with the corresponding common name or buy the certificate as the name as a hostname
Related
I have a domain purchased from Godaddy. Then a Virtual Machine setup on Azure with an web application installed on it.
So thus far I have:
An Azure VM with an application running on it, lets say the ip for the VM is 12.3.456.789
A domain name I purchased from godaddy, e.g mydomain.com, I then created a subdomain for e.g sub.mydomain.com
I then added an SSL certificate to this subdomain which worked fine, after I changed the DNS A record for the subdomain to the ip address of the VM 12.3.456.789, also the application on the VM is accessed on port 4000. So https://sub.mydomain.com:4000
The issue is that when I access my domain via https I get the ERR_SSL_PROTOCOL_ERROR in all browsers but when I access it via http then the application on it loads completely fine.
Any ideas on what I would have done wrong or left out in my setup?
Also if I did not provide enough information do let me know.
commercial SSL certs are always signed to include the TLD
(Top Level Domain -> in your hypothetical case: mydomain.com) !
You should contact godaddy to change the certificate to change the SAN (Subject alternative Name to sub.mydomain.com)
One example:
You order a ssl certificate for the subdomain www for your domain mydomain.com.
mydomain.com is valid by its nature (SAN -> it's the TLD)
Whereas www.mydomain.com is the SUBJECT.
Best H.
To rewrite to rule from https as you are getting ERR_SSL_PROTOCOL_ERROR please check you are correctly provided ssl cerficate SSL Certificate Checker as my SSL provided is DigiCert.
And to make Https ensure in your remote desktop in IIS manager click your virtual machine ->binding -> Https and port as 443 and upload certificate.
In your virtual machine try to add outbound security rule provide service as HTTPS and port as same in 443
Reference: https://learn.microsoft.com/en-us/answers/questions/23397/not-able-to-secure-windows-azure-vm-in-https.html
We used to have a setup on IIS 7.5.
- 1 IIS has 2 websites both run on 443.
- It has different host names in the binding - site1.domainname.com, site2.domainname.com
- Both sites were bound to a wild card SSL cert - *.domainname.com,
and this worked fine for years.
Because of an audit, we had to move to a FQDN certificate.
Now when I bind the FQDN certificate on a site, it does not allow me to add a host name.
http://screencast.com/t/sowdaziJV
It says you can't start the second site as another website is already running on the same port.
This made sense until another internal team got it working. My guess is they used scripting to allow this on IIS instead of IIS GUI.
They have 2 websites running on the same port with different SSL certificate with no Hostnames.
I found out an odd thing about their setup and I was able to set it up like that too.
Have the sites with wild card certs and hostnames.
Change site one with the FQDN cert.
DON'T Change site 2 with FQDN cert.
It automatically takes the new certificate and keep the host name
They both stay up. If you look at site 2, it looks like it has a hostname binding. but if you edit that hostname is gone. See this figure.
http://screencast.com/t/z5y4n7KhGNE
Questions:
Is IIS running 2 websites on the same port with different FQDN certificate an expected behaviour?
I am worried if they took advantage of a bug. I want to be sure if this is allowed before I do this in production.
They probably turned on SNI. SNI allows the server to discern between a host name and route it to the correct site and then send back the SSL cert associated with the site. The problem is, not all browsers support SNI handshakes. SNI only started with server 2012, so the other team might be running that. Previously, IIS couldn't do this, so each site had to have its own IP / SSL cert. Now, you can run all on 443 for one site, and IIS can figure out which site to respond with by looking at the request.
I want to host a site on local IIS 7.5 for internal testing. But I want people can access over the internet.
For this on my rackspace server, I have created an "A" record with subdomain.domainName.com and pointed my static IP address to it.
In IIS I have created a self-signed certificated with *.domainname.com that it can be used to multiple sites.
Now, i have published a site to a local directory and in IIS I have created a site with host name the same domain for which I have created an "A" record.
I have added http and https bindings with port 80 and 443 with the same host name.
But still my site is not working.
The error I am getting is "This webpage is not available"
Can any one help me?
Resolved it my self.
I was missing Port Forwarding in my router software for HTTPS.
In my web-application, each HTTP request is automatically be converted to HTTPS. And I forgot to forward Port 443's request to the machine to which I have set the static IP Address and DNS.
After adding that port forwarding record to the router's software my application is working fine over internet.
I am having an issue getting an IIS 7.5 website to answer when I connect to it using an IP address.
I have a Win2008 Server set up with IIS 7.5. It has only one IP address bound to it (10.10.10.10), and IIS listens on it just fine. I have IIS hosting two websites: defaultsite and mysite. Both of these two are necessary to be present. (To be fair, I have many more sites, but 2 will simplify things.)
Defaultsite is your typical IIS default site and has an IIS binding of "*:80:"
I want to access "mysite" via the DNS name but also the public IP address 1.1.1.1. So I've added the appropriate bindings:
":80:1.1.1.1"
":80:mysite.com"
My DNS and load balancer are moving traffic just fine to the IIS server. Everything works fine when hitting the server via "mysite.com" and I get the defaultsite if I try other ways to get to the server.
The problem is when I use 1.1.1.1 to get to the server, I get there, but I'm still sent over to the "defaultsite" rather than "mysite." My IIS logs and the file contents I retrieve verify this behavior.
Any ideas on how to get an IP address set as the host header on a site binding? (Searching for this situation is vexing; since all my key terms are present any time you work with host headers/bindings.)
Remove the binding for *.80 from the default site and make it respond to 10.10.10.10 and then your other site will get picked up when you type the 1.1.1.1 site. IIS is responding to the request but the rule states 'If any site comes through on port 80, respond to the default site'. The DNS name works because you are going by name and the lookup is not there on the default site.
We've got a Windows Server 2003 running IIS 6 where we host multiple sites with different domains. www.site1.com, www.site2.com etc.
Now one of these sites need a SSL certificate, so I ordered a certificate from rapidssl.com for the domain www.site1.com.
The problem:
After installing this SSL certificate all https request to this server, regardless of domain, gets redirected to the www.site1.com site.
FYI: This is the only site on the server that got a SSL certificate installed.
Anyone?
cscript.exe adsutil.vbs set /w3svc//SecureBindings ":443:" solved the problem.
According to this site, SSL does not support host headers. If you have more than one IP on your server, try using one IP for the SSL website and use other IPs for the other sites. If you don't, ask for another IP for your server to your helpdesk.
It's possible...
http://www.sslshopper.com/article-how-to-configure-ssl-host-headers-in-iis-6.html
http://www.digicert.com/ssl-support/configure-iis-host-headers.htm
As per post by Kulvis