Forum

https ile Subdomain...
 
Bildirimler
Hepsini Temizle

[Çözüldü] https ile Subdomain uyuşmazlığı

5 Yazılar
3 Üyeler
0 Reactions
4,312 Görüntüleme
(@hamzasaricicek)
Gönderiler: 112
Estimable Member
Konu başlatıcı
 

Merhabalar, SubDomain üzerinde çalışan bayi.alanadi.com adresine SSL kurulumu gerçekleştirdim. Fakat şöyle bir durum ile karşılaştım. subdomain http:// ile açıldığı zaman sorun yok. Subdomain altındaki sayfam görüntüleniyor. Fakat https:// ile erişmeye çalıştığımda ise, adres çubuğunda https://bayi.alanadi.com duruyor fakat görünürde www.alanadi.com görüntüleniyor. Sub domain üzerinde http:// ile https:// arasındaki bu farklılık neden olabilir bulamadım. Sayfam içerisinde herhangi bir yönlendirmem bulunmuyor. Sadce 404.asp kullandığım için IIS tarafından 404 için /default.asp ye yönlendirme yaptım. Onuda kaldırdığımda yine düzelmedi problem.

 

CSR oluştururken izlediğim adımlar, 

Name: alanadi.com
organization: Ünvan San. ve Tic.A.S
common name: bayi.alanadi.com
ve diğer adımları tamamlayıp oluşturuldu CSR kodu.

 

Name bölümüne SSL in çalışacağı subdomain adresinimi yazmam gerekiyordu acaba common name de olduğu gibi.

 
Gönderildi : 11/06/2010 15:15

(@yusufozturk)
Gönderiler: 147
Estimable Member
 

subdomain'in header ya da ip adresini yanlış girmişsiniz. header ve ip adresi yapılandırmasını düzeltirseniz ,sorun çözülecektir.

Header düzenleme işlemleri için aşağıdaki bağlantıya göz atabilirsiniz:

http://technet.microsoft.com/en-us/library/cc753195(WS.10).aspx

İyi çalışmalar. 

 
Gönderildi : 11/06/2010 17:04

(@hamzasaricicek)
Gönderiler: 112
Estimable Member
Konu başlatıcı
 

Yusuf kardeş,

Subdomain'in header ve ip adreslerini kontrol ettim. Şuan aşağıdaki gibi bir yapısı var. ama hala problemim devam ediyor..

 
Gönderildi : 11/06/2010 19:07

(@rahmidilli)
Gönderiler: 2458
Famed Member
 

 

Configuring SSL Host Headers (IIS 6.0)

Organizations that host multiple Web sites on a single
server often use host headers to create multiple Web sites without
requiring a unique IP address for each site. For more information about
hosting multiple Web sites on a single server, see Hosting
Multiple Web Sites
.

You can configure Web sites that use host
headers to serve protected content over a Secure Sockets Layer (SSL)
connection, that is, a connection that uses https:// instead of http://.
To use SSL with host headers, you must obtain and install a wildcard
server certificate. After you configure SSL host headers for a Web site,
protected content is served only over an https:// connection.

  Important

The following
conditions apply to the use of SSL host headers:

SSL host headers cannot be
configured by using the IIS Manager UI.

Using SSL
host headers requires that the wildcard certificate be installed on each
Web site from which you want to serve protected content. This adds
overhead to site management, because you must manually ensure that
multiple sites are kept in sync with each other.

You must
configure secure bindings for each Web site that uses the wildcard
server certificate to prevent unauthorized use of that certificate.

This
section includes the following information:

Obtaining
and Installing a Wildcard Server Certificate
: Describes how to
request a wildcard server certificate and install it on a Web site.

Configuring
Server Bindings for SSL Host Headers
: Describes how to configure
the SecureBindings metabase property to create SSL host headers
for each Web site that you want to enable to use the wildcard server
certificate.

Ensuring
That Secure Content Is Served Over HTTPS Only
: Describes how to
prevent unauthorized Web sites from using the wildcard certificate.

 

 

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-

885d-f8941b07554c.mspx?mfr=true

Setting up Host Headers and Secure Site Bindings in IIS 6

For IIS 7, please refer to our page discussing SSL
Host Headers in IIS 7

 

  1. Install
    your SSL certificate
    to the site to be used with secure bindings.
  2. If you have not already, configure the host headers of your site
    using IIS.

    In IIS, right click on a site you are securing and select
    properties.

    From the Web Site tab, click on "Advanced..." next to the IP
    address field.

    Click on your Default identity on TCP port 80, then choose "Edit"
    to enter your domain name as the "Host header value."
    Do this for any sites that will be sharing secure connections on
    the same IP.

  3. Next, you will need to open up a command line to set up your Secure
    Bindings.

    Go to Start > Run

  4. Type "cmd" and click "OK."
  5. Enter "cd C:\Inetpub\AdminScripts" to change to the IIS Scripts
    directory.
    If your system uses a different directory, go there instead.
  6. Enter the following command:

    cscript.exe adsutil.vbs set /w3svc/site identifier/SecureBindings
    ":443:host header"

    You can find the site identifier in IIS when viewing the
    list of all web sites from the IIS Manager in the Identifier column. The
    host header is the host header value that is assigned to the web
    site (e.g. digicert.com).

    IIS 6 SSL Host Headers Site Identifier

    If an invalid number is entered as the site identifier, you should
    get an error that "The path requested could not be found."

  7. Repeat the above step as many times as necessary to enable your SSL
    certificate to be used on the appropriate websites. If you need to
    enter the command for several sites, try using the DigiCert
    IIS 6 SSL Host Header Command Generator
    .

    You may need to restart the IIS sites for the changes to take
    effect.

  8. You can verify the configuration changes by opening each
    site in a web browser.
    If the wrong page is displayed for any URL, your SSL
    host headers have not been configured correctly.

If you have trouble setting up host headers in IIS, you can also
get around the issue by using different ports for your different secure
sites (multiple secure sites can run on the same IP with different SSL
certificates if they each use a different port), but most server
administrators find that solution to be more trouble than it is worth.

---

in IIS 6 on windows server 2003, you can use host headers for SSL
sites, thus allowing them to be on the same IP Address.

http://
www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true

EDIT: This will only work if the certificate is a wildcard
certificate. Otherwise, subdomain "affiliate" will try to use the same
certificate as subdomain "www", and visitors will get a warning.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true   Hosting Multiple Web Sites (IIS 6.0)

----

The certificate does have a CSR associated with it, yes. The
certificate is from a public CA and is correctly installed.

I was
just thinking (and I have NO idea why this did not occur to me before)
but is the correct way to setup a subdomain
with a secure certificate to create the subdomain
as a seperate site in IIS, generate a
CSR with THAT site and then rekey the certificate, install it, and the
create a virtual directory in that site (the subdomain
site) the links to the global resources folder in the main site?

Thus
I would actually create a seperate site : secure.whatever.tld
and
install a certificate there (adding a VD to that site in IIS manager that links to the global folder in
the main site).

Am I thinking in the right direction? Is this
the way to do it? Is this how you'd do it?

P.S. Can't wait for
Server 2008 and the native SSL host header
support!

Thanks so much for responding!

 

 

 
Gönderildi : 12/06/2010 13:24

(@hamzasaricicek)
Gönderiler: 112
Estimable Member
Konu başlatıcı
 

Rahmi hocam teşekkür ediyorum yardımlarınız için. Verdiğiniz adres gerçekten çok yardımcı oldu bir çok konuda. Amacım sorunu çözümlemekten ziyade, olayın mantığını kavramaktı. ALLAH razı olsun..

 
Gönderildi : 12/06/2010 14:41

Paylaş: