Author | Topic: Multiple SSL connections required | |
---|---|---|
Bruce Anderson | Multiple SSL connections required on Mon, 21 Feb 2005 00:42:02 -0600 Assume a website service company running IIS ver 6.0 with only a single static IP. This website service has multiple host names so that there are multiple independent websites running under this one static IP. Furthermore, each site has a virtual directory "cgi-bin", which, in actuality, is a single absolute directory. Furthermore, all websites have forms and all forms have the parameter ACTION="/cgi-bin/waa1gate.isa". I would like more than one of the websites to use an SSL port for certain operations. The individual website properties allow me to specify using SSL port: 443, but I think only one host can be assigned this port and the assignment is exclusive to that host. I vaguely remember a project where the user was shifted into an SSL connection for transaction processing only and was shifted back to port:80 for other interaction with the site. There I was using ASP to reset a port, somehow, and the memory has faded. Is there a way to have the cgi-bin interface for all hosted names use the SSL connection so that more than one website can have secure transmission? Do I assign other ports as SSL ports, like https://www.myweb.com:444 or is there a way to do it all through 443 so that the URL line looks standard? Thanks for the input | |
Phil Ide | Re: Multiple SSL connections required on Mon, 21 Feb 2005 11:11:03 +0000 Bruce, > Is there a way to have the cgi-bin interface for all hosted names use > the SSL connection so that more than one website can have secure > transmission? Do I assign other ports as SSL ports, like > https://www.myweb.com:444 or is there a way to do it all through 443 so that > the URL line looks standard? The problem with SSL is that it is impossible to virtual-host because the handshaking is performed at the network layer and not the HTTP layer. Therefore, only 1 certificate can be used per port, and as you know the certificate must match the url domain. What you can do, is run SSL on multiple ports, so SSL-Web-A uses port 443, SSL-Web-B uses port 444 etc. Alternatively, you can have a single SSL domain. In your forms add a hidden input variable that tells your SSL script which page (url) it should call when it returns the client to the non-ssl site. Regards, Phil Ide *************************************** * Xbase++ FAQ, Libraries and Sources: * * goto: http://www.idep.org.uk/xbase * *************************************** When money speaks, truth keeps silent. | |
Bruce Anderson | Re: Multiple SSL connections required on Mon, 21 Feb 2005 06:14:53 -0600 | |
Phil Ide | Re: Multiple SSL connections required on Mon, 21 Feb 2005 13:12:00 +0000 Bruce, >> What you can do, is run SSL on multiple ports, so SSL-Web-A uses port >> 443, SSL-Web-B uses port 444 etc. > > This is the easier solution to implement. > Q: Is there more to this than creating the certificate for the > additional SSL port:444 and then linking Web-B to 444 in Web-B's > virtual-host property page? The only thing you have missed out here (but I'm sure you haven't forgotten) is to set up the server to listen on port 444 and associate a particular web with it - i.e. set up a host on that port. > I assume the url would be > https://www.myWeb-B.com:444. Correct? Yes - simple isn't it? Regards, Phil Ide Stationary mice have bigger balls. (c)1991 | |
Bruce Anderson | Re: Multiple SSL connections required on Mon, 21 Feb 2005 09:29:04 -0600 I am confused because I thought I listed that action right above your response. I must be missing something crucial. To accomplish "...set up the server to listen on port 444 and associate a particular web with it - i.e. set up a host on that port", I think I do the following: In IIS, select the server, select the virtual-host web name, take "Properties", enter a value in the SSL Port blank, in this case "444". Is this correct? Or is there something else to do somewhere else in Win2003? Also, I assume I must first enter my SSL port, and only then go through Properties->Directory Security tab to create a certificate. When I look at the Certificate Wizard, I do not see it asking for a port number, so I assume it is using what I have already entered as the SSL port for this virtual-host. Again, correct? Thanks for walking me through this. Bruce Anderson Diplomacy is the art of stepping on someone's toe without scuffing their shoe shine. For Phil, who does this so well... | |
Phil Ide | Re: Multiple SSL connections required on Tue, 22 Feb 2005 11:51:38 +0000 Bruce, > I am confused because I thought I listed that action right above your > response. I must be missing something crucial. Yes, sorry, re-reading your message you are correct. > Also, I assume I must first enter my SSL port, and only then go through > Properties->Directory Security tab to create a certificate. When I look at > the Certificate Wizard, I do not see it asking for a port number, so I > assume it is using what I have already entered as the SSL port for this > virtual-host. Again, correct? I've never set up IIS for virtual hosting. IIS is (IMNSHO) a pile of crock whose only redeeming aspect is the ability to write DLL's for it instead of CGI scripts/applications. However, Xb2.NET also gives you this ability, and allows you to write your DLL's in Xbase++ - or even incorporate the code straight into the executable. With Apache, you can also create "DLL's" as loadable modules, and adding cgi languages such as perl, php, python etc. is as simple as installing an interpreter for that language. You can get Apache to listen on multiple ports, each hosting a vast number of virtual hosts, and you can still run multiple instances of Apache (even different versions) simultaneously. One of the clinchers for me is that Apache comes with a WebDAV module, and can be configured to handle the Subversion version control system. At the moment, XoDC is hosting 3 projects using this mechanism (a number which might explode later this year), and at work I am hosting 36 projects. This allows my colleague to access my code and vice-versa (he looks after the Clipper and financial apps), allows me to work from home, and when we take on contractors allows them to work from home too. The server signature shows the extensions applied: Apache/2.0.48 (Win32) SVN/1.0.8 mod_ssl/2.0.48 OpenSSL/0.9.7c DAV/2 > Diplomacy is the art of stepping on someone's toe without scuffing their > shoe shine. > For Phil, who does this so well... Err, I'll take that as a compliment Regards, Phil Ide One man's theology is another man's belly laugh. | |
Bruce Anderson | Re: Multiple SSL connections required on Tue, 22 Feb 2005 09:42:11 -0600 BTW - a friend sent me this link and I pass it along to those who need SSL's for internal company use and who do not need third party certifications. I had looked into issuing my own server certificate and it was going to be a labor of Hercules. This is much, much simpler. Bruce Anderson Houston, TX, where today it is 22 deg C with light breezes in a blue sky and puffy white clouds strictly for art effect. http://www.pranas.net/Tutorials/ssl/SSLDiagnostics.shtml | |
Phil Ide | Re: Multiple SSL connections required on Tue, 22 Feb 2005 16:59:36 +0000 Bruce, > BTW - a friend sent me this link and I pass it along to those who need SSL's > for internal company use and who do not need third party certifications. I > had looked into issuing my own server certificate and it was going to be a > labor of Hercules. This is much, much simpler. > > Bruce Anderson > Houston, TX, where today it is 22 deg C with light breezes in a blue sky and > puffy white clouds strictly for art effect. Swine 1 deg C, snow (by the bucket load). Cold enough to snow, warm enough to make sure the roads are pure slush. > http://www.pranas.net/Tutorials/ssl/SSLDiagnostics.shtml Looks like a great tool. Unfortunately it only works with IIS Regards, Phil Ide I'm not as think as you stoned I am. |
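
The second option suggested earlier in the thread, a single SSL domain with a hidden form field naming the page to return to, relies on a value that the browser sends back, so the SSL script should check it against the list of hosted sites before redirecting. The following is an added example, not code from the thread; Python is used for illustration, and the host names and the function name `safe_return_url` are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed allow-list: the host names served from the shared IP (assumed names).
HOSTED_SITES = {"www.myweb-a.example", "www.myweb-b.example"}
# Where to send the client when the hidden field is missing or not acceptable.
FALLBACK = "http://www.myweb-a.example/"


def safe_return_url(return_to, allowed=HOSTED_SITES, fallback=FALLBACK):
    """Pick the URL the SSL script redirects to after the secure step.

    return_to is the hidden form field value, so it is client-controlled.
    Only absolute http/https URLs on a hosted site are accepted.
    """
    # Whitespace, control characters and backslashes are parsed differently
    # by different browsers and servers, so refuse them outright.
    if not return_to or any(c in return_to for c in "\\\r\n\t "):
        return fallback
    try:
        parts = urlsplit(return_to)
        host = (parts.hostname or "").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return fallback
    # Scheme-relative ("//host/..."), relative and non-web schemes are refused.
    if parts.scheme not in ("http", "https"):
        return fallback
    # "http://trusted@other-host/" style userinfo hides the real host.
    if parts.username is not None or parts.password is not None:
        return fallback
    # The return trip goes to a standard port on a known site only.
    if host not in allowed or port is not None:
        return fallback
    # Rebuild from the parsed pieces instead of echoing the raw input.
    return urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))
```

The SSL script would call `safe_return_url()` on the hidden field and redirect only to the value it returns.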