SSL Enable a SharePoint site on a port other than 443 - ssl

There is a SharePoint web application on my server that is already https and listening on port 443 (which I don't own/administer). Currently, my SharePoint web application is http and on port 88. How do I SSL enable it on a different port other than 443? I think that if I create another SSL binding on 443, the other site or mine or both will become unusable, is that correct? What is the best approach for more than 1 SSL enabled SharePoint site on a web server? Can I do this via host headers, or dedicated IP Addresses and if yes then how?

Check out this blog. Either use different IP's or a wildcard certificate.
But if you are using SharePoint 2013 on Windows Server 2012, then there is a new thing called SNI (New to IIS anyway) that allows you to use the hostname at the beginning of the handshake to identify the certificate to use.
To enable this all you have to do is go into IIS -> edit bindings, and check "Require Server Name Indication". This will switch the cert binding from IP:Port to Hostname:port, allowing for multiple web applications to use ssl with the same ip and port.
See:
http://en.wikipedia.org/wiki/Server_Name_Indication
And
http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability
Also, you can ssl enable it on a port other than 443 by:
Editing the bindings in IIS
Then edit the AAM in Central Admin
You probably shouldn't do this though because your users will have to type the port after the websites name since it isn't using the 443 default.

Related

configure two dydns websites of IIS with two different SSL ports and configure port forwarding for both

I have two iis websites. One I have a localhost on port 80 and was setup for dydns with ssl port forwarding external: 443 and internal port:1124 and the website is working perfectly with dydns access.
I wanted to setup another website with the ssl port but was unable to do so. As when I set the port forwarding external Ssl:443 and the internal ssl port:1129. the other dydns entry redirects to the first website. This website does not work without https.
So. How do I setup two websites for ssl port forwarding on the same machine?
Any help is appreciated.
You don't necessary need an entirely different port for each website you host on the same machine. You can use the same http/80 and https/443 to serve multiple website through virtual hosts.
I'm not familiar with IIS, but I do know that it's possible on IIS just like Apache and NGINX does. You can read about setting up virtual hosts on IIS here. Also I answered a similar question here.

IIS8 https refused to connect

I have a windows 2012 server and have applied an SSL certificate following godaddy's guide:
https://uk.godaddy.com/help/iis-7-install-a-certificate-4801
I have applied the binding on the site in IIS however when I try to view the https site I get "refused to connect".
I have updated the firewall setting to allow port 443.
Any ideas?
It was due to my site using a load balancer.
An additional load balancer for port 443 was required.
Anyone using rackspace will find this useful:
To allow secure traffic you would need an additional load balancer
allowing traffic on port 443, with a shared VIP with the current one.
https://support.rackspace.com/how-to/configure-a-load-balancer/

Accessing an IIS Express site from a remote computer with SSL enabled

Using this guide I managed to access my server from remote hosts. However, now I want to enable SSL on my server and I know that there is an option in the configuration to enable SSL but the https URL added is on localhost. How do I do the same as in the tutorial but with SSL, just add another binding but with port 443? or is there something more to it.
Thanks.

Using Apache server beside Windows' World Wide Web Publishing Service

I have an old site (oldsite.com) running via World Wide Web Publishing Service on a Windows Server 2003 server. I've just create a new site (newsite.com) using the same server but running through Apache. The old site with its service running on port 80 already so I had to config Apache using port 8080. The problem is now when I publish my new site, the url has to be newsite.com:8080. How can I config Apache so that it can contain no port, just newsite.com?
As far as I know from personal experience and research:
Due to the nature of DNS Records you cannot specify the domain to redirect to an IP address and a port.
If both servers are listening on the same port a request would not know which site to direct to.
As the default port the domain specifies is port 80, any other port must be specified for the request to go to the correct location.
Therefor you cannot have newsite.com redirect to the server IP on port 8080, as it can only be directed to the server IP with DNS records. The port must be specified in the URL if it is on a port other than 80.
Edit: I just found this post about using a reverse proxy to do something similar to what you have described. Take a look and see if it helps you.
You cannot have two services listening on the same port. You can change the old site to listen to another port, set apache to port 80, then use mod_proxy to enable the old site to be accessed from apache using virtualhost
I have just make it work. Although in IIS Manager, there was no website listening on 0.0.0.0:80 but I still had to delete this entry by httpcfg tool. After that Apache can start normally.

HTTPS block domain

When having multiple domain names point to the same server. But you only have a certificate for one of these domains, is it possible to block the other domains in Apache. But only when HTTPS is used not when HTTP is used.
I tried using a NameVirtualHost setup for 443 port. But when the domain is not found Apache simply defaults to the first virtual host. I would like it to refuse the connection. In this way when connecting directly through HTTPS on one of the not supported domains the connection is refused rather then having the browser display warning screen because of a wrong identity.
Any thoughts?
Not possible.
This is a chicken and egg problem - to verify an https connection the browser connects and tries to validate the certificate/common name and the given URL. The first handshake / connection to port 443 has to be encrypted.
The only way to handle this problem would be to setup dedicated IPs for all domains - or for at least the domain using HTTPS.
It's far from ideal, but another option would be to use a non-standard for your HTTPS site and not have the server listening on port 443.