I have created two sites on my server, on different subdomains. I have a SSL certificate I am binding to website A, running without problems. When I add binding to the same certificate on website B, it fails to run, saying
"This website cannot be started. Another web site may be using the same port."
When I remove the binding to :443 from website B and just leave http running at :80, it starts without problems (website A's http is also running on :443). What could be the problem?
Note: apparantely, the reason why both A nd B are capable of running on :80 is that they are also bound to different subdomains - however, the textbox for inputting website-specific subdomains is disabled when adding a binding to an SSL certificate.
Related
I have installed Godaddy Certificate with steps below
https://in.godaddy.com/help/manually-install-an-ssl-certificate-on-my-iis-8-server-4951
After adding in Binding on port 443, the website opens with https on the server machine.
When tried to access from outside machine, it shows this site cannot be reached.
It is still working with http everywhere.
Note - basic things are all done like restarting server.
I'm trying to set up a different website on IIS but it keeps wanting to use an SSL certifcate that is configured for a different website within the same IIS.
e.g. https://localhost:443 has a security certificate but i want to create http://localhost:98/
Steps I've done:
Created a new application pool
Created the website within IIS
Edited bindings to point to a specific IP address and port: e.g: http://123.456.789.10:98/
Edited binding for localhost to use a different port: 98 e.g: localhost:98/
What's happening is that now whenever I go to localhost:98 or the ip address, it keeps redirecting the site back to the website that has the SSL certificate for it
eg. I click localhost:98/ but it redirects to https://localhost/
What can possibly be incorrect with this setup? I had it working before but then when i tried to apply a different SSL certificate, it didn't work, i re-set up everything and it's constantly pointing to this situation.
I have a GCP instance group with 2 instances. Both are up and running. I want to configure a load balancer (HTTPS) to manage the traffic.
I've set up a forwarding rule with the HTTP-protocol and a certificate managed by google. This all works, but only when the traffic between the load balancer and the backend (the instances) is plain HTTP.
Steps I did so far
I create a template and this template is just a normal N1 series machine. I checked the boxes to create firewall rules for allowing http and https traffic.
I create a firewall rule named "allow-ports". This firewall rule targets all instances in the network, has a 0.0.0.0/0 IP-range and allow port tcp = 80, 443. How I see this, this firewall rule should open both the http (80) and https (443) port.
I create an instance group with port mapping. "http-port" = 80, "https-port" = 443. I use the template I just created.
When the instance group is created, I check if this is running. With SSH, I get access to the instances and install apache (sudo apt-get install -y apache2) on the both. When navigating to their external IP's in the browser, I see them both.
I create a HTTP(S) load balancer, with the option "From internet to my VMs". For backend configuration, I add a backend service with my instance group, protocol HTTP, named port "http-port". For frontend configuration, I set up the HTTPS protocol, create an IPv4 IP address, create a google-managed ssl certificate, and I'm done. I also added health checks btw.
Now... these steps work (after a few minutes). With the cloud DNS, I have set up a domain name which points to the IP address of the load balancer. When going to , I see the apache page.
What doesn't work?
When I change the backend configuration to HTTPS (and named port "https-port"), I get a 502 server error. So it seems to me that there is some connection, but there is an error. Could this be an apache error?
I have spent a whole day, creating and recreating instance groups, firewall rules, load balancers, ... but nothing seems to work. I'm surely missing something, probably something dumb, but I have no clue what it could be.
What do I want to achieve?
I do not only want a secure (HTTPS) connection between the client and my load balancer, I also want a secure connection between the load balancer and the backend service (the instance group). Because GCP offers the option to use the HTTPS protocol when creating a backend service, I feel that this could be done.
To be honest: I'm reading some articles about the fact that the internal traffic is secured, so a HTTPS connection is not necessary. But that doesn't matter to me, I really want to know how this works!
EDIT
I'm using the correct VPC (default). I also edited the firewall rule from 0.0.0.0/0 to 130.211.0.0/22 and 35.191.0.0/16 (see: https://cloud.google.com/compute/docs/tutorials/globally-autoscaling-a-web-service-on-compute-engine?hl=nl#configure_the_load_balancer).
In addition to my previous comment. I followed your steps at my test project to find out the cause of your issue. I installed the same configuration and checked it with HTTP at the back-end. As it was expected, I found no errors. After that, I installed SSL certificates to the back-end and to the load balancer. Then I switched my back-end, load balancer and health checks to HTTPS and disabled HTTP at the back-end. At this point, I found no errors also.
So, I decided to get 502 error in my test configuration in some way. I switched my health check at the load balancer to HTTP. A few minutes later I tried to reach my test service again and got 502 error. When I switched back my health check to HTTPS 502 error gone away.
During this test, I didn't change firewall rules, but allowed HTTP and HTTPS traffic in my instance template and I used default network.
I have a strange problem which I can't identify the cause of.
There are two servers which host two different sites. Both sites are PHP-based apps.
Server 1 (Ubuntu)
https://app.site1.com
Server has SSL enabled for this site. This site works fine.
Server 2 (Red Hat)
http://app.site2.com
Server does not have SSL enabled for this site.
Here's what happens:
If I access site 2 on http:// it works fine.
If I access site 2 on https:// it redirects to site 1 on the other server.
Now obviously there is something telling this subdomain to go to the other site when served via SSL.
What I have checked:
All virtual hosts on both servers
All DNS records on both servers
All Site 2 website code
Site 2 .htaccess files
Using uncached browsers
There is NOTHING on either of the servers, that I can find, telling site 2 to redirect to site 1, only on HTTPS. Now obviously I don't expect anybody to find the problem directly because you can't see my entire server configuration, but I am looking for suggestions as to where else this redirect could come from.
I could understand this if you had site1 and site2 hosted on the same server.
Basically if you have no config set up for a second vhost on https (port 443) then Apache will fall back to first vhost by default.
So if both sites were in same Apache config then that might be it. But you say they are not. Are you sure you are not serving both sites from the same server (perhaps with a copy in the other server)? Are the IP addresses the same? Are there any load balancers or CDN infrastructure in front of both servers?
Also you say "If I access site 2 on https:// it redirects to site 1 on the other server." Can you explain more about what happens here? If you go to site 2 and do not have https set up then how can this even respond to this request? What certificate is being presented to that initial request (i.e. before the redirect)? Is it the site1 certificate? And if so then do you get a certificate error in the browser (since its presenting the wrong certificate for the site you requested) that you have to click through before you get redirected? Or is the cert valid for both sites?
You can also use this openssl command to see what the server returns (and in particular which certificate it returns):
openssl s_client -connect app.site2.com:443
It would also be handy to look at the browsers developer tools and see how exactly the redirect is happening. In Chrome press F12, go to Network tab, click on preserve log and then go to https://app.site2.com/. What is the first request? Is it a 301 or 302 (i.e. Server side redirect)? Or if it's a 200 followed by the https://app.site1.com/ then some piece of JavaScript must have caused the redirect.
Once you have answered those questions it may be possible to provide further guidance.
I have a domain which we'll call www.mydomain.com for reference. I have a subdomain at m.mydomain.com for people who want to view the website via their mobile devices. My users are logging into this site so I wanted to protect their credentials if possible. Because of this, I purchased an SSL certificate.
I'm not an SSL certificate guru, so I may be misunderstanding something. I thought that I could have a single SSL certificate for my domain. However, when I attempt to access https://m.mydomain.com I get redirected to https://www.mydomain.com instead of seeing the content that is at http://m.mydomain.com. In other words, here is a list of my configurations and results pulled from IIS 7:
Site Name Binding Type Host Name Port IP Address Result via Browser
--------- ------------ --------- ---- ---------- -----------------------------------
MySite http 80 ww.xx.yyy.zz http://www.mydomain.com works fine
MySite https 443 ww.xx.yyy.zz https://www.mydomain.com works fine
MyMobileSite http m.mydomain.com 80 ww.xx.yyy.zz http://m.mydomain.com works
My first hunch was to add a new binding of type https to MyMobileSite on port 443. However, in the process, I noticed that I'm prompted to select an SSL certificate. I'm concerned that if I select the SSL certificate associated with MySite, it will break that binding. Once again, I do not fully understand SSL certificates. Can I use the same SSL certificate across multiple IIS Sites and multiple binding as long as they share the same domain? Can I go ahead and create the binding like I was thinking? My main concern is that I break something and being unable to reverse it.
Thank you!
no the fact is that certificates are used to verify that your not using someone else's ip (spoofing) i suggest using linux and self signed ssl certificates but if your using windows thats fine too just use ssl on all your domains as long as there on same (external) IP,
hope this helps.
PS SSL is just a way of making sure security encrypted protocols are in effect between server and client.
I always recommend having both :443 and :80 for everyone to choose how they connect except if you are running sensitive data streams for money transfers etc, then defiantly make sure it uses secure (443 port) and never port 80 (unsecured connection).
It all depends on the type of certificate you purchased. Usually your lower costs cretificates are tied directly to one domain/sub domain name. However there are certificates that you can buy for instance the
http://www.verisign.com/ssl/buy-ssl-certificates/subject-alternative-name-certificates/index.html
Depending upon your organizations policy on purchasing, i would almost just suggest buying a seperate one for the Mobile site