Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

unassined ip addresses and ssl

  Asked By: Jered    Date: Sep 24    Category: Sharepoint    Views: 770

if sharepoints recomended setup is to have all unassigned ip addresses
why is it that you have to assign an ip address to the virtual site in
order to get SSL working. i have mutipule IP addresses and installed
another SSL cert to the new site and it shut it down saying that the
port was allready used.. Why is that?



7 Answers Found

Answer #1    Answered By: Gregg Wilkinson     Answered On: Sep 24

SSL only works with a specific IP address, a specific host header value, and a certificate. All three of those have to match in order for the packets to be considered “secure”.

IIS has to know what IP address  *specifically* to use for the SSL portion.

Without SSL, IIS can just willy-nilly accept packets on whatever old IP address and process it. But with SSL, the IP address comprises a significant portion of the protocol.

An SSL certificate is only good with one domain name/hostname, and one IP address. It’s the way the protocol is designed.

IE, you can’t have somehost.domain.tld and someotherhost.domain.tld both secured with the same SSL certificate. Each must have it’s own IP address and domain name and separate SSL cert.

Answer #2    Answered By: Darrel Sexton     Answered On: Sep 24

If you have host headers configured and the certificate matches the host
header, you should not have problems with SSL on "all unassigned" addresses
with W2K3.

Answer #3    Answered By: Tory Sellers     Answered On: Sep 24

If you are using SSL, each URL must have its own unique IP address. You can only share addresses  with host headers if you are using port 80. You can't do this with SSL.

Answer #4    Answered By: Agustin Miranda     Answered On: Sep 24

I think that this is the definitive document on the subject:

Also, from the Resource Kit:

Answer #5    Answered By: Arron Middleton     Answered On: Sep 24

In WSS, you *must* use host headers, even with SSL. After R2 for W2K03 comes out, you’ll be able to use IP addresses  for SSL with WSS, but until then, you must use host headers with SSL

Answer #6    Answered By: Vance Hardin     Answered On: Sep 24

It's not just that you won't have problems, it's that it is *required*
to use host headers in all WSS virtual  servers because, at the present,
WSS does not support IP-bound virtual servers.

Answer #7    Answered By: Kareem Flynn     Answered On: Sep 24

Until we get the upgrade to WSS, please remember that we *never* assign  an IP address  to a virtual  server. We can have the IP address at All Unassigned and the certificate will work without the intervening popup box that indicates the cert doesn’t match the address.

Please read my blog on this: mindsharpblogs.com/.../283.aspx

Didn't find what you were looking for? Find more on unassined ip addresses and ssl Or get search suggestion and latest updates.