Welcome: Guest!

Sharepoint Forum

 
Home » Forum » Sharepoint       Ask a questionRSS Feeds

unassined ip addresses and ssl

  Asked By: Jered Mccullough         Date: Sep 24, 2005      Category: Sharepoint      Views: 183
 

if sharepoints recomended setup is to have all unassigned ip addresses
why is it that you have to assign an ip address to the virtual site in
order to get SSL working. i have mutipule IP addresses and installed
another SSL cert to the new site and it shut it down saying that the
port was allready used.. Why is that?

Tagged:          

 

7 Answers Found

 
Answer #1       Answered By: Gregg Wilkinson          Answered On: Sep 24, 2005       

SSL only works with a specific IP address, a specific host header value, and a certificate. All three of those have to match in order for the packets to be considered “secure”.

IIS has to know what IP address  *specifically* to use for the SSL portion.

Without SSL, IIS can just willy-nilly accept packets on whatever old IP address and process it. But with SSL, the IP address comprises a significant portion of the protocol.

An SSL certificate is only good with one domain name/hostname, and one IP address. It’s the way the protocol is designed.

IE, you can’t have somehost.domain.tld and someotherhost.domain.tld both secured with the same SSL certificate. Each must have it’s own IP address and domain name and separate SSL cert.

 
Answer #2       Answered By: Darrel Sexton          Answered On: Sep 24, 2005       

If you have host headers configured and the certificate matches the host
header, you should not have problems with SSL on "all unassigned" addresses
with W2K3.

 
Answer #3       Answered By: Tory Sellers          Answered On: Sep 24, 2005       

If you are using SSL, each URL must have its own unique IP address. You can only share addresses  with host headers if you are using port 80. You can't do this with SSL.

 
Answer #4       Answered By: Agustin Miranda          Answered On: Sep 24, 2005       

I think that this is the definitive document on the subject:
www.microsoft.com/.../details.aspx
51D-B213-98ED039190BF&displaylang=en

Also, from the Resource Kit:
www.microsoft.com/.../part
3/c12spprk.mspx

 
Answer #5       Answered By: Arron Middleton          Answered On: Sep 24, 2005       

In WSS, you *must* use host headers, even with SSL. After R2 for W2K03 comes out, you’ll be able to use IP addresses  for SSL with WSS, but until then, you must use host headers with SSL

 
Answer #6       Answered By: Vance Hardin          Answered On: Sep 24, 2005       

It's not just that you won't have problems, it's that it is *required*
to use host headers in all WSS virtual  servers because, at the present,
WSS does not support IP-bound virtual servers.

 
Answer #7       Answered By: Kareem Flynn          Answered On: Sep 24, 2005       

Until we get the upgrade to WSS, please remember that we *never* assign  an IP address  to a virtual  server. We can have the IP address at All Unassigned and the certificate will work without the intervening popup box that indicates the cert doesn’t match the address.

Please read my blog on this: mindsharpblogs.com/.../283.aspx

 
Didn't find what you were looking for? Find more on unassined ip addresses and ssl Or get search suggestion and latest updates.


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].

 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011