I have an unsecured domain and want to create a secured sub-domain. On the same IP address running Windows Server 2008 and IIS 7.
So I've purchased a wildcard SSL certificate for *.mydomain.co.uk and installed it fine on the server. It appears under the server certificates correctly.
I've set up the subdomain with a HTTP binding for testing purposes and everything works fine - so it's not a problem with IIS. I then add an HTTPS binding for the subdomain on the normal 443 port and because I've named the certificate *.mydomain.com, the hostnames box is enabled for me in the UI. So I setup the HTTPS binding, remove the HTTP binding, restart the website and IIS. When I browse to www.mydomain.com that works fine - but when I browse to https://subdomain.mydomain.com I get a browser fault saying it can't find the server.
Any help would be much appreciated.
OK figured it out - as normal it was a multitude of problems not just one.
First was a firewall issue - the server is running on Amazon EC2 and the security group was set up to block HTTPS traffic on port 443.
Second up was indeed the DNS. Although the sub-domain was browsable WITHOUT a CNAME record when using HTTP binding, an explicit CNAME record seems to be required when using HTTPS. Don't ask me why.
The sub-domain in question is for an IFrame Facebook app. It rendered fine in IE and Chrome but Firefox threw up the ssl_error_renegotiation_not_allowed error. This was due to the SSL settings in IIS - they need to be set to Require SSL (unticked) or ticked but then Client Certificates to Ignore
Phew - glad it's up and running now.
Check your DNS setup and make sure you've got an A or CNAME record for subdomain.mydomain.com.
Just having your webserver set up to handle a particular domain name doesn't mean the hostname/domain actually exists - the DNS system must be configured for it as well.
I was able to do this with A records not CNAME. I do not have require SSL ticked. I used URL rewrite instead.
<rule name="redirect to https" stopProcessing="true">
<match url="http://(.*)"/>
<conditions>
<add input="{HTTPS}" pattern="^OFF$"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent"/>
</rule>
You also need to setup SSL Host Headers on all secure subdomains using the wildcard certificate.
appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']
It can be a pain to figure this one out, but one thing to look for is
But make sure that the identity for the app pool used for the subdomain has permissions to the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder.
Related
OK, what I want is, if a person types the URL "test.MyClientsDomain.net" they actually go to "MyCompanyDomain.com" (but the URL bar shows "test.MyClientsDomain.net").
Here is what I have done so far:
We purchased a SSL from goDaddy that allows us to add multiple domains and both domains are on it.
MyCompanyDomain.com is our main site, on a windows server at Rackspace that I have control over, and that works as expected
I have MyClientsDomain.net registered at NameCheap, the DNS is hosted at a 3rd party (plesk server that I have control of)
I have added a CNAME at the 3rd party DNS that points test.MyClientsDomain.net to MyCompanyDomain.com
I have added the "zone" MyClientsDomain.net to the DNS at Rackspace and it points to the webserver's IP
I have added a CNAME at the Rackspace DNS that points test.MyClientsDomain.net to MyCompanyDomain.com
But it's not working as I want, can you tell me what I am doing wrong?
According to your description, when you type test.MyClientsDomain.net in the browser, you want to be redirected to MyCompanyDomain.com, but the URL bar of the browser still displays test.MyClientsDomain.net.
In IIS, to achieve this effect you need to use the URL Rewrite module and configure proxy settings for ARR. If you have not installed the ARR module on IIS, you can refer to this link.
When you have two websites, the domain name of website 1 is bound to MyCompanyDomain.com, and the domain name of website 2 is bound to test.MyClientsDomain.net. If you want to achieve your needs, you need to create a rewrite rule on website 2. The following URL rewrite rule in the web.config can give you a reference:
<rewrite>
<rules>
<rule name="test rule in website2" enabled="true">
<match url=".*" />
<action type="Rewrite" url="http://MyCompanyDomain.com" />
</rule>
</rules>
</rewrite>
Also, you need to select Application Request Routing Cache module at server level and select "Server Proxy Settingsā¦" on the right tree node
, then check "Enable Proxy" and apply.
At this time, when you type test.MyClientsDomain.net in the browser, you will see that the page loads the content of the MyCompanyDomain.com website, and the URL bar still shows test.MyClientsDomain.net.
You aren't mentionning the use of Name Virtual Hosting on MyCompanyDomain.com and for this reason you're ending serving that old domain matching the same IP.
Name Virtual Hosting allows one to publish multiple applications on the same IP, or to publish a very same application with different domain names (what you call "masking"). However for the latter to be completely transparent, nothing like a 301/302 Redirect from one domain to the another should be configure.
Have a look at how configuring Configuring SSL Host Headers in IIS.
I'm trying to set up a different website on IIS but it keeps wanting to use an SSL certifcate that is configured for a different website within the same IIS.
e.g. https://localhost:443 has a security certificate but i want to create http://localhost:98/
Steps I've done:
Created a new application pool
Created the website within IIS
Edited bindings to point to a specific IP address and port: e.g: http://123.456.789.10:98/
Edited binding for localhost to use a different port: 98 e.g: localhost:98/
What's happening is that now whenever I go to localhost:98 or the ip address, it keeps redirecting the site back to the website that has the SSL certificate for it
eg. I click localhost:98/ but it redirects to https://localhost/
What can possibly be incorrect with this setup? I had it working before but then when i tried to apply a different SSL certificate, it didn't work, i re-set up everything and it's constantly pointing to this situation.
I have application hosted in tomcat under port 8050; mydomain:8050. Now, I want to have friendly url, say mydomain.com to be used to access mydomain:8050 without the client seeing the port number in the URL. Client should always see mydomain.com that should be internally resolved to mydomain:8050.
I have IIS server running on port 80. I created a site in it just to use rewrite option that can resolve to mydomain:8050. It didn't work with the pattern I used
Pattern: ((?:[^\/\n]|\/\/)+)(.*)
Rewrite URL: {R:1}:8050{R:2}
Then I installed apache http server on port 90. Used redirection in IIS site to redirect the URL to mydomain:90$S$Q and then used rewrite in Apache to internally redirect it to mydomain:8050. This works when I have a query string in it, like mydomain.com/queryString, but doesn't work if I type just mydomain.com. I can see it redirecting to mydomain:90 and stops there without any rewrite rules being executed. This also changes the URL to mydomain:90 and is visible to client.
My requirement is that when user enters mydomain.com it should internally resolve to mydomain:8050 (with query string if any) without client seeing it. I have IIS running at port 80 and apache running on port 90. How can I achieve this? I am sure this can be handled in rewrite rule of IIS, but I am not sure how to do that.
Rewriting to another server is basically proxying. What we need is a
reverse proxy setup in IIS which basically proxy all your requests
from http://example.com to to http://example:8050/(or better
http://localhost:8050)
Make sure you have ARR module installed on IIS
Create a reverse proxy rule like this
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<action type="Rewrite" url="{C:1}://mydomain:8050/{R:1}" />
</rule>
Please note that since both Apcahe and IIS are in the same server,you can use localhost:8050 as backend proxy.
EDIT:
Also if you have any redirect coming back from the backend proxy and you do not want to redirect the Location header coming ,You can do that by unchecking "Reverse rewritehost in response headers" in Application Request Routing
Select the server node in IIS manager
Go to Application Request routing Cache
Click on Server proxy Settings
UnCheck "Reverse rewritehost in response headers"
I have a new SSL certificate that I'd like to assign to my website. I am managing this on a VPS server so I have full control of the environment. I've successfully followed instructions of GoDaddy to verify and install my SSL certificate. Now the problem is, I can still navigate to my website with HTTP and it becomes an unsafe website...
4 bindings are made in the IIS application
example.com (https, 443, certificate selected)
www.example.com (https, 443, certificate selected)
example.com (http, 80)
www.example.com (http, 80)
I've fiddled with the "SSL Settings" menu of my web application. If I check "Require SSL" with leaving "Accept" selected and if I try to access http://example.com, IIS returns 403 - Forbidden: Access is denied., but https://example.com works fine. If I disable it, both http and https works fine. But isn't it normally supposed to go to https connection automatically? If I remove the http domain bindings from the web app, naturally they end up getting 404 not found.
How am I going to achieve this?
Server uses IIS 10 by the way.
Cheers.
isn't it normally supposed to go to https connection automatically?
No it will not automatically redirect.When you enable RequireSSL,you are just enforcing that the connection should be over SSL.
How am I going to achieve this?
You have to have both http and HTTPS binding and do not set RequireSSL.Now we have to configure automatic redirect using URLRewrite module explicitly.
Install URLREWRITE module
Add a rule as below to have http to HTTPS automatic redirection for any user who comes on http.
As you can see, these rules are stored on inetpub\wwwwroot\web.config file.
`<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>`
The "Require SSL" option will prevent all non-HTTPS requests from hitting the website at all in the first place, so your non-HTTPS bindings are useless in that case.
If you want to add automatic HTTP-to-HTTPS redirections, there are 2 ways of doing it:
Method 1
Remove the HTTP bindings from the website.
Leave the "Require SSL" option enabled on the secured website.
Create a second website, and add the HTTP bindings to that website.
Add an IIS Redirection to the second website. Use the "HTTP Redirect" tool.
Method 2
Disable the "Require SSL" option.
Ensure you have the "URL Rewriting" module installed.
Open the URL Rewriting tool on the website and use the template for HTTP-to-HTTPS Redirection.
But isn't it normally supposed to go to https connection automatically?
No. Adding a certificate to IIS does not mean it automatically starts redirecting. This is usually handled by either the application itself, or a rewrite method like IIS's URL Rewrite module.
If I check "Require SSL" with leaving "Accept" selected and if I try to access http://example.com
This is for client certificates. You likely don't want to enabled.
If I remove the http domain bindings from the web app, naturally they end up getting 404 not found.
You want both bindings enabled, and have something redirect from HTTP to HTTPS as described above.
after enabling SSL Certificate IIS7.5 does not start Default site and above error occurred.
Probably you are configuring your host headers incorrectly. For SSL to work properly you need to actually define the domain name it will use, or bind the site to *443 which means all ssl requests on that particular ip would hit that site. Try doing a full restart, and if that doesnt work try and see if something is grabbing your SSL port.