Clever Geek Handbook

Silly SSL cert question for Windows 2000 / ASP / IIS

I have an ssl certificate for my domain and I want to apply it to two separate applications in that domain that run under ASP classic in IIS on Windows 2000.

I have the following silly questions:

  • Are certificates issued for URLs or domains? Or subdomains?
  • Can I use the same certificate for multiple websites (apps) on this domain, or do I need a separate one?
  • Can I check the certificate file to determine what or for whom it was issued?

Thank!

+1


source to share


4 answers


1) Web certificates are issued to the domain. In particular, the CN attribute of the certificate must match the domain used to access your site.

2) Certificates are usually installed on the host (or virtual host). If you have a certificate for the wwwapps.domain.tld domain, you can have one calendar app and one in / contacts app.

3) Yes, depending on the format and where it is located, it can be easy or difficult. If you have a crt file and you are running under windows, just click on it. You should see the details.



If you want to check the certificate installed on the site, you usually need to click on the pickup icon.

In windows, you can also open MMC, add certificate snapin and see all / all installed certificates on local machine or your profile.

+2


source


  • They are issued for domains. Subdomains require their own certificates. You can buy a custom wildcard certificate for your domain that allows you to create certificates for your subdomains, but they are more expensive.

  • If you buy a certificate for mydomain.com, you can use it for everything that starts with https://mydomain.com/

  • Yes. You can do this for any certificates. check the lock icon in the browser address bar.



+1


source


Typically, it is issued to a single host on the web server (mostly cname or records), for example foo.bar.com, where foo is a single hostname for the host for which the certificate request was made, and bar.com is its domain.

So it will work for any app or virtual directory that responds to https://foo.bar.com - like https://foo.bar.com/planner/ - but nothing more.

For https: //*.bar.com you can get a wildcard certificate that allows you to handle any number of hosts without any problem - at a higher cost.

There are also Multiple SAN Certificates (UCCs) that can contain a specific number of hostnames in a single certificate such as webmail.bar.com and autodiscover.bar.com for an Exchange 2007 server serving both Web Access and Outlook Anywhere with that the same physical machine and network adapter.

If in .cer format, just by opening it in Windows, you will see details if it is pfx or in some other transport format that you will need to import.

Basically you install a certificate to a website node in IIS and whatever you can put underneath it (or modify with a modern firewall in front of it to still respond to the issued common name foo.bar.com) will work.

0


source


Thank! I enabled port 443 for the site in the certificate domain, uploaded the certificate via directory security in IIS for each subfolder, and enabled 128 bit encryption. Worked like a champion!

0


source






More articles:


All Articles