Setting up HTTPS: Difference between revisions
Revision as of 20:09, 28 October 2006
CREATING SINGLE HTTPS WEB SITE
Creating a site in IIS
IIS sites need either unique IP numbers (set in tcp/http *and* ssl/https settings)
The IP number has to be one of the available ones provided to neosys by leaseweb etc.
The port number for tcp/http should be the neosys standard arbitrary port of 8123 (not port 80 ... to prevent access via standard http).
Set the host header value to clientname.hosts.neosys.com, otherwise all sites cannot have the same port for https (8123). We could use random arbitrary ports for http, since they are going to be blocked by tcp/ip filtering or the firewall, but it is better to know that port 8123 is the only one, since IIS insists on having a port for http.
Install ssl/https on the site.
Install selfssl.exe from the Microsoft site, then run:
C:\Program Files\IIS Resources\SelfSSL>selfssl /v:9999 /s:866651215 /p:4430 /n:CN=clientname.hosts.neosys.com
Microsoft (R) SelfSSL Version 1.0 Copyright (C) 2003 Microsoft Corporation. All rights reserved.
Do you want to replace the SSL settings for site 866651215 (Y/N)?y
The self signed certificate was successfully assigned to site 866651215.
- /v:9999 means valid for 9999 days
- /s:866651215 is the site number in this case (site number is shown in IIS – refer below)
- /p:4430 is the non-standard port number neosys uses by convention for ssl/https instead of the standard 443
- /n:CN=clientname.hosts.neosys.com indicates the full domain name of the site
Testing access to the new https web site.
Make a subdomain clientname.hosts.neosys.com
https://clientname.hosts.neosys.com:4430/neosys
If you get certificate error:
- check that the selfssl /n:CN=clientname.hosts.neosys.com matches the domain name used in IE
- install the certificate into the client computer (double click the padlock, view certificates etc)
Closing all Internet Explorer windows and restarting it is necessary for installed certificates to become effective.
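The CN check above can also be done from a client without a browser. The following PowerShell is an added example, not part of the original page; the function name Get-SiteCertificate is hypothetical, and the host name and port are the page's placeholder values.

```powershell
# Added example: read the certificate a site presents and compare its CN
# with the host name that would be typed into the browser.
function Get-SiteCertificate {
    param(
        [string]$HostName = 'clientname.hosts.neosys.com',  # placeholder from the page
        [int]$Port = 4430                                   # neosys https port convention
    )

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)

        # A self-signed certificate fails normal chain validation, so the
        # callback accepts anything. This connection is used only to read
        # the certificate; no data is sent over it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $stream = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $stream.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($stream.RemoteCertificate)
        }
        finally {
            $stream.Dispose()
        }
    }
    finally {
        $client.Close()
    }

    # SimpleName returns the CN part of the subject, i.e. the selfssl /n:CN= value.
    $cn = $cert.GetNameInfo('SimpleName', $false)

    [pscustomobject]@{
        RequestedHost = $HostName
        CommonName    = $cn
        CnMatchesHost = ($cn -ieq $HostName)              # mismatch gives the name error in IE
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)  # expected to be True for selfssl
        NotAfter      = $cert.NotAfter                    # reflects the /v: validity period
        Thumbprint    = $cert.Thumbprint
    }
}

Get-SiteCertificate | Format-List
```

Before installing the certificate into a client computer, compare the Thumbprint shown here with the thumbprint of the certificate as viewed on the server, so that the certificate being trusted is the one selfssl created.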
CREATING MULTIPLE HTTPS WEBSITES
Bugs
SelfSSL allows only one website to have SSL at a time
The IIS Diagnostics Toolkit has a fixed SelfSSL but it doesn't give enough control: http://www.microsoft.com/windowsserver2003/iis/diagnostictools/default.mspx
Solution
- create certificate for site 1
- export the certificate to a pfx file (IIS->directory security->server certificate wizard)
- create certificate for site 2. First site's certificate should no longer work
- remove certificate from site 1
- import pfx from step 2 using same wizard
SSL on both sites should now work!