I have one server that runs Exchange 2007 and another server that runs my websites (IIS7). The router forwards port 443 to the Exchange box to run OWA and port 80 to the webserver box to run websites. I want to run a secure site (port 443) on the webserver. How can I do this?

I set up a site https://www.mysite.com and it runs off the Exchange server as expected. When I change port 443 to the webserver I get the right site and certificate but OWA does not work.

How do I get this to work correctly? Can I run IIS 7 on two servers and have both servers running sites on port 443? Do I need a more advanced router to do the forwarding?

So I think that I need to get a router that will allow me to map external IPs to internal ones and get another IP address. Will this allow me to forward the same port to a different server based on the outside IP address? Will this allow me to run multiple webservers? What is a good one that is not too expensive?

The second option sounds the easiest for me. Can you recommend something not too expensive? I thought about using a Linux box with monowall but decided I would rather just buy a router.

So the way this would work is that I have a domain name through GoDaddy which forwards to my public IP. Currently my router forwards all port 443 requests to my Exchange server and I am able to log onto OWA from the outside. So now I would buy another domain name and have that forwarded to my IP address. The new router would know that this request is coming from a new domain name and forward port 443 to the webserver. Requests from my old domain name will be forwarded to the Exchange server. That's cool if that is the correct understanding.

You could set up MS ISA Server Std on your server to do it, but there's obviously a cost.

You would have rules on the ISA to say if the web traffic is for https://www.mydomain1.com send to mywebserver port 1, if the web traffic is for https://www.mydomain2.com send to mywebserver port 2.

There are probably other products out there that can do this but I've only ever worked with ISA to do it.

This feature is called host headers and you should be able to find plenty of info. Basically the IIS engine would read the incoming URL and know what site you were requesting. Pretty hard to do when the url is encrypted.

On IIS6 the only way to do this was with a wildcard certificate, only with Windows. So you may want to review this as an option with IIS7.

http://www.microsoft.com/technet/prodtechn...c.mspx?mfr=true

There will be multiple domains that will need to be routed to different servers but on the same port (443). Can ISA do this for me? So it will know to forward a request to the Exchange server or the web server based on the domain request?

  bankajac said:
So if I buy ISA Server 2006 I can do what I described in my previous post. I might just wait for ForeFront TMG as I have Server 2008 x64.

If you have Server 2008 you will definitely need to go with Forefront TMG, as ISA is not compatible with 2008, and yes, it will meet your requirements based on what you have described.

Good ISA resource: Link