Setting up HTTPS: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
HOW TO CREATE HTTPS WEB SITE FOR A CLIENT | HOW TO CREATE HTTPS WEB SITE FOR A CLIENT | ||
1. in IIS create a site with a unique ip number (set in tcp/http *and* ssh/https settings | == 1. in IIS create a site with a unique ip number (set in tcp/http *and* ssh/https settings== | ||
ip number has to be one of the available ones provided to neosys by leaseweb etc. | ip number has to be one of the available ones provided to neosys by leaseweb etc. | ||
port number for tcp/http should be the neosys standard arbitratry port of 8123 (not port 80 ... to prevent access via standard http) | |||
put host header value to be <i>clientname</i>.hosts.neosys.com otherwise all sites cannot have the same port for https (8123). We could use random arbitrary ports for http since they are going to blocked by tcp/ip filtering or firewall but it is better to know that port 8123 is the only one since IIS insists on having a port for http. | put host header value to be <i>clientname</i>.hosts.neosys.com otherwise all sites cannot have the same port for https (8123). We could use random arbitrary ports for http since they are going to blocked by tcp/ip filtering or firewall but it is better to know that port 8123 is the only one since IIS insists on having a port for http. | ||
2. Install ssl/https on the site. (install selfssl.exe from Microsoft site) | == 2. Install ssl/https on the site. (install selfssl.exe from Microsoft site)== | ||
/v:9999 means valid for 9999 days | /v:9999 means valid for 9999 days | ||
| Line 22: | Line 22: | ||
The self signed certificate was successfully assigned to site 866651215. | The self signed certificate was successfully assigned to site 866651215. | ||
3. Test access to the web site. | == 3. Test access to the web site. == | ||
Make a subdomain clientname.hosts.neosys.com | Make a subdomain clientname.hosts.neosys.com | ||
| Line 30: | Line 30: | ||
If you get certificate error then a) check that the /n:CN= matches the domain name used and b) install the certificate into the client computer (double click the padlock and view certificates) | If you get certificate error then a) check that the /n:CN= matches the domain name used and b) install the certificate into the client computer (double click the padlock and view certificates) | ||
== | == How to do Multiple sites on SSL/HTTPS == | ||
=== Bugs === | |||
SelfSSL allows only one website to have SSL at a time | |||
IIS Diagnostics Toolkit which has fixed SelfSSL but doesnt enough full control | |||
http://www.microsoft.com/windowsserver2003/iis/diagnostictools/default.mspx | http://www.microsoft.com/windowsserver2003/iis/diagnostictools/default.mspx | ||
=== Solution === | |||
#create certificate for site 1 | |||
#export the certificate to a pfx file (IIS->directory security->server certificate wizard) | |||
#create certificate for site 2. First site's certificate should no longer work | |||
#remove certificate from site 1 | |||
#import pfx from step 2 using same wizard | |||
SSL on both sites should now work! | SSL on both sites should now work! | ||
Revision as of 19:59, 28 October 2006
HOW TO CREATE HTTPS WEB SITE FOR A CLIENT
1. in IIS create a site with a unique ip number (set in tcp/http *and* ssh/https settings
ip number has to be one of the available ones provided to neosys by leaseweb etc.
port number for tcp/http should be the neosys standard arbitratry port of 8123 (not port 80 ... to prevent access via standard http)
put host header value to be clientname.hosts.neosys.com otherwise all sites cannot have the same port for https (8123). We could use random arbitrary ports for http since they are going to blocked by tcp/ip filtering or firewall but it is better to know that port 8123 is the only one since IIS insists on having a port for http.
2. Install ssl/https on the site. (install selfssl.exe from Microsoft site)
/v:9999 means valid for 9999 days /s:866651215 is the site number in this case (site number is shown in IIS – refer below) /p:4430 is the non-standard port number neosys uses by convention for ssl/https instead of the standard 443 /n:CN=clientname.hosts.neosys.com indicates the full domain name of the site
C:\Program Files\IIS Resources\SelfSSL>selfssl /v:9999 /s:866651215 /p:4430 /n:CN=clientname.hosts.neosys.com
Microsoft (R) SelfSSL Version 1.0 Copyright (C) 2003 Microsoft Corporation. All rights reserved.
Do you want to replace the SSL settings for site 866651215 (Y/N)?y
The self signed certificate was successfully assigned to site 866651215.
3. Test access to the web site.
Make a subdomain clientname.hosts.neosys.com
https://clientname.hosts.neosys.com:4430
If you get certificate error then a) check that the /n:CN= matches the domain name used and b) install the certificate into the client computer (double click the padlock and view certificates)
How to do Multiple sites on SSL/HTTPS
Bugs
SelfSSL allows only one website to have SSL at a time
IIS Diagnostics Toolkit which has fixed SelfSSL but doesnt enough full control http://www.microsoft.com/windowsserver2003/iis/diagnostictools/default.mspx
Solution
- create certificate for site 1
- export the certificate to a pfx file (IIS->directory security->server certificate wizard)
- create certificate for site 2. First site's certificate should no longer work
- remove certificate from site 1
- import pfx from step 2 using same wizard
SSL on both sites should now work!
