I have two sites which are ****.twsstaging.com and ****.testrdcstg.com. I have wildchar certificates for both the sites.
I am using IIS 8.5 in Windows server 2012R2. I have a SINGLE site configured in IIS which resolve to both these domains.
Now I need to add SSL to these sites. I have tried with adding multiple bindings on 443 which leades to use only one certificate.
Since IIS is 8.5 i am not able to give *.twsstaging.com or *.testrdcstg.com as header values in bindings. I have tried this in IIS 10.0 and succeeded as wildchar hostname entries are allowed.
This is the error while trying to add wildchar hostname in binding
I tried (Server Name Indication)SNI as well which also failed due to above error as i cannot give wildchar host names.
Now I am trying to use a Central Certificate Store(CCS) with wildchar. Below are my setup screenshots
One Certificate details
Central Certificate store
IIS Binding
I added an entry in \System32\drivers\etc\hosts file as well
But if I am browsing HTTPS:// first site is showing 404 page and other is showing privacy error message
It looks like still both domains are loading with one certificate.
Earlier,When I added these bindings normally HTTPS was working fine first sites and same privacy error for second one.
So here the ask is Can I achieve this in IIS 8.5?
I have tried normal bindings,SNI and CCS approaches on same 443 port.
Is there any way to achieve it either though CCS or through different port?
ran into this a few years ago and again today after an outage where we had to change the IP bindings.
use a random host name like 123.com
save the binding
edit C:\Windows\System32\inetsrv\config\applicationHost.config
replace 123.com with * and save
restart iis site
Related
I have an Azure web app up and running, using a custom domain purchased outside of Azure... and that all runs fine. So I have https://myappname.azurewebsites.net/ loading fine with my domain name URL https://www.myappname.com
I'm trying to upgrade the web app, though using Azure Traffic Manager. I've cloned the app a few times, each on its own app service plan, and I have the traffic manager all up and running fine. I can successfully hit different versions of my cloned website based on the traffic manager configuration profile... so no issues there.
The only issue is that I can only access the "traffic managed" version of my website via the standard azure URL -> myappname.trafficmanager.net.
All examples I've seen say all I really need to do now, is go into my DNS Management screen, and add domain forwarding, however, my online DNS management tool does not offer this option.
I can't really change my A record in the DNS management screen, because I don't know the IP address of myappname.trafficmanager.net
Every place I've tried to change the name of the current/working Azure URL (like in awverify text files, www cnames, etc.) does nothing. The DNS still points to the single instance which remains in the IP address od the DNS managers A record.
Also, since my live/single instance is linked to the domain name (along with the SSL binding), I can't add those properties to the clones, which makes sense....only one version can be live. However I could unbind that when I make the switch from the single instance web app to the traffic managed set of clones, but I fear I can only bind that to one of the clones. I can't seem to bind it to the myappname.trafficmanager.net version, which might cascade down to all of its endpoints. Is there a way to bind my domain name and SSL cert to more than one version of my web app?
Thanks!
Is there a way to bind my domain name and SSL cert to more than one
version of my web app?
I don't think you can do that unless you have two different domains or subdomains with each own SSL cert. Each web app hostname is unique globally and each SSL binding is attached with the web app domain name.
If you have a purchased domain and just keep the default xxx.azurewebsites.net as each hostname. Then you could configure the two Azure app serves as the endpoint of TM.
By default, Azure provided a wildcard cert for this domain *azurewebsites.net, so you can automatically access this hostname with HTTPS without any extra cert. Then use a CNAME record www in the domain domain.com in your DNS provider to point to the traffic manager hostname myappname.trafficmanager.net. Since Traffic Manager works as DNS level, it does not validate the server and client SSL, you could safely ignore the SSL warning when accessing with traffic manager hostname.
Feel free to let me know if you have any question.
I have hosted my software product (Say SoftPro) on one the servers (say Server1). This SoftPro is a web application with Https with Self signed certificate. The server is in Demiliterized zone (DMZ). So, from client machines, I cannot use server name to access my software product. Instead, I need to use servers IP address (Like- https://10.20.30.40/SoftPro).
But when I do this, I get a certificate error saying - "The security certificate presented by this website was issued for a different website's address". Even if I install the certificate and re-open the browser, the issue still exists. This issue is there when I use https://localhost/SoftPro on the server itself.
I tried adding this to Trusted site. I also tried redirecting IP address to hostname by adding IP address and its DNS name to Hosts file in C:\Windows\System32\drivers\etc. If I open the browser with https://10.20.30.40/SoftPro, it doesnt redirect and it still gives me same error.
Any workaround for resolve this issue?
Thanks in advance.
I cant seem to run multiple sites using the same IP with different ports and different ssl cert.
site a is fine but site b is returning SSL_ERROR_BAD_CERT_DOMAIN because it's returning site a's ssl cert.
This is the error I get when trying to use it on the same ports hence I use different ports for the domains
Here are my thoughts:
First of all SSL certificates are most commonly issued against domain names instead of IP addresses.
In your scenario you have one IP address so only one certificate can be issued against one IP address.
Options:
Get multiple SSL certificates for your website domains assuming your websites will be hosted on different domains e.g. example1.com, example2.com
Get wild card ssl certificate and then use it for your multiple websites assuming your websites will be hosted on sub-domains e.g. site1.example.com, site2.example.com
So the solution provided by Moshin Mehmood did resolve the issue.
Any site on IIS will have to use SNI and there is no reason to supply a specific IP if all the sites use the same one, IIS will give an error about not having any default ssl bindings but that is a legacy thing and not cause for concern.
Thank you very much Mohsin.
We just moved a bunch of our websites from one server to another (obviously changing their IP addresses in the process), some of which were multisites in magento. The domains are not parked, but the multisites work. I don't completely understand how magento works regarding multisites, but that's not necessarily what my question is.
When we moved the websites, the multisites were broken. Eventually, we hired a freelancer to fix the multisites. Last night, i put the entire website package (multisites included) on their own dedicated IP addresses. They're on the same server, in the same place, but they have their own IP address on that server. I just walked in monday morning and SSL is broken on all the multisites, but works on the main website. Can anybody tell me what to do here? I have access to the certificate, bought through a third party. When i try to list the certs in cpanel, it just lists the main website as a "controlled certificate". My question is, why did these work on the original IP address after being transferred to the new server? and how do i set up SSL on the multisites? I have cPanel but im actually an admin that's worked WITHOUT cpanel for many years (not in webhosting). so i dont know much about ssl.
Depends on what certificate you have and server config. The only thing in magento you should check is the secure url is https and that it is enabled per each site in the admin. The certificate setup depends on what type of certificate you are using. If it's a wild card/ucc certificate that covers all domains/subdomains then it should simply install the certificate and the issuing authorities certificate, setup vhosts and it should work for all sites. If it's individual certificates per website you will need to install each certificate onto the server but this can be complex.
You also need to configure the apache vhost for each site so there is a host listening on port 443 for each site. there should be an ssl directive poiting to the certificate files. Check the vhost for the working site and compare to the others to see if anything is missing. If individual certificates (i.e. one per each domain) you normally need to have multiple ips for your server, one per each domain.
This issue got complex because our server was set up using cPanel, which means it had a bunch of pre-installed programs (like, for example, sendmail, dovecot, etc.) the program that was giving me grief over this issue was suphp. I couldn't figure out how to make the multisites work independently of the parent website. so, say i have www.frattoys.com as the parent and a bunch of child sites that pull from it, like frattanks.com, irontap.com, etc. those child websites share source code with frattoys.com. suphp wasnt allowing frattanks and irontap to pull code from frattoys if they were independent websites; independent cpanel and user accounts. thats why i was trying to install SSL on top of addon or subdomains; hence the question. as it turned out, i ended up uninstalling suphp and replacing it with fastcgi. that way, i could set the permissions to what they needed to be, share the code with frattoys, and install SSL on the child websites without too many issues.
The eventual solution to my problems was to install fastcgi (uninstall suphp), create independent users for each child website, and install SSL certificates from WHM for each child user.
I have a sub-domain sub1.primary.com that works correctly. Now I need to setup sub2.primary.com and have it point to the same web application as sub1.primary.com. I tried it as a new A record and a new CName however when I try navigating to sub2.primary.com and expect to see sub1.primary.com I see a completely different application that sits on sub7.primary.com.
I have tried the A record solo, the CName solo, both together, and each instance with and without pointer records. I am using a Windows 2003 Server with IIS 6. I tried googling for an answer and couldn't find any information.
Here is my setup at the moment. I have created a Host (A) record in DNS for sub2.primary.com with an associated pointer record. I have added the sub2.primary.com to host headers of sub1.primary.com. Whenever I navigate to sub2.primary.com it displays sub7.primary.com instead of sub1.primary.com. Which is bizarre because if it were going to default to something I would rather it default to www.primary. com.
I don't know if it matters but the sub1.primary.com is under SSL and so is sub7.primary.com, along with 5 others on a *.primary.com SSL cert.
Each subdomain should have an A record pointing to the same IP. I sounds like this is what you tried first -- if that didn't work, I'd suggest making sure that your web server's vhost configuration is sending sub2.primary.com to the right place.
When IIS hosts multiple websites on the same IP address, it uses the incoming request URLs to guess which virtual site to send the client to.
In other words: you need to configure your host headers to accept both names for the appropriate web site. Microsoft publishes some good how-to documentation here and here, or here is a more detailed explanation.