Ah. We're allowed to issue our internal certs from Domino, so no added expense there ;). Just the pain in getting it to work (and documented).
Matthew Williams Geodesic GraFX www.geodesicgrafx.com/blog Rick Root wrote: > IIS 6 only lets you do it with wildcard certificates... *.domain.com - so > you couldn't use hostheaders with different domains. Plus, wildcard certs > are usually expensive! > > Rick > > > On 2/25/07, Matthew Williams <[EMAIL PROTECTED]> wrote: > >> We had to do this due to our load balancer. The downside is it required >> *.domain.com CERTS. And manually editing the metabase. >> >> Matthew Williams >> Geodesic GraFX >> >> Robertson-Ravo, Neil (RX) wrote: >> >>> AFAIK, host headers do not work with SSL as they are encrypted and in >>> >> turn >> >>> the webserver will never know what you are calling. >>> >>> If you run SSL you need to have a dedicated IP for them (and then a host >>> header will work, kind of). Running multiple sites off the same IP wont >>> work with SSL >>> >>> I think to some degree you can with IIS6 though... I haven't tried it >>> >> yet. >> >>> >>> >>> >>> >>> >>> >>> "This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant, >>> Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business, >>> Registered in England, Number 678540. It contains information which is >>> confidential and may also be privileged. It is for the exclusive use of >>> >> the >> >>> intended recipient(s). If you are not the intended recipient(s) please >>> >> note >> >>> that any form of distribution, copying or use of this communication or >>> >> the >> >>> information in it is strictly prohibited and may be unlawful. If you >>> >> have >> >>> received this communication in error please return it to the sender or >>> >> call >> >>> our switchboard on +44 (0) 20 89107910. The opinions expressed within >>> >> this >> >>> communication are not necessarily those expressed by Reed Exhibitions." >>> Visit our website at http://www.reedexpo.com >>> >>> -----Original Message----- >>> From: Matthew Williams >>> To: CF-Talk >>> Sent: Sun Feb 25 22:21:29 2007 >>> Subject: Re: Secure CFIDE >>> >>> Why not? What doesn't work with host headers and SSL? We run multiple >>> SSL host headers per box with our intranet applications (on IIS). It's >>> truly a pain the sane world shouldn't be subjected to, but it can >>> >> happen. >> >>> Matthew Williams >>> Geodesic GraFX >>> www.geodesicgrafx.com/blog >>> >>> Rick Root wrote: >>> >>> >>>> On 2/25/07, Dave Watts <[EMAIL PROTECTED]> wrote: >>>> >>>> >>>> >>>>> I wouldn't recommend relying on Host headers, since they can easily be >>>>> sent >>>>> from the browser. >>>>> >>>>> >>>>> >>>> True, in fact that's how they always get sent :) However, I was >>>> >> referring >> >>>> to the previous post about actually using a domain that doesn't >>>> >> actually >> >>>> exist and just putting it in your local machine's hostfile. Then the >>>> >> only >> >>>> way to access it would be if you knew the IP address *AND* the domain >>>> >> name >> >>>> that is being used for the specific web site you're trying to hack >>>> >> into. >> >>>> If someone is sniffing your packets, of course, it doesn't help at all. >>>> >>>> The real disadvantage of course with using hostheaders is that you >>>> >> can't >> >>> use >>> >>> >>>> SSL to secure your coldfusion administrator. >>>> >>>> Rick >>>> >>>> >>>> >>>> >>> >>> >>> >>> >>> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 by AdobeĀ® Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. Free Trial. http://www.adobe.com/products/coldfusion Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270653 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
