Thank you Ken. This is what I was hoping to hear (read). <tip type="Advanced Web Authoring - DWMX" author="Rob.Smith"> In the reports tab in DWMX, you can do many tasks that help bullet proof your system. You can: Validate your files, Target Browsers, Check your links, Run Reports on various accessibility and functionality and much more. You'd be amazed how much stuff you miss. </tip> -----Original Message----- From: Ken Schaefer [mailto:ken at adOpenStatic.com] Sent: Wednesday, June 23, 2004 9:10 PM To: thelist at lists.evolt.org Subject: Re: [thelist] Quick SSL Cert Question Hi, You can not allocate an SSL cert to a "subdomain". "this.domain.com" must be a host, same with "that.domain.com". The only exception (sort of), is wildcard SSL certs that match any host within a domain (but again, you still need a host(s)). Now, an SSL certificate has the DNS name of the host in question embedded in it. the client browser checks that the hostname of the URL being requested matches that embedded in the certificate (this is part of the identity verification checks that certificates give you). BUT, the Host: HTTP header is encrypted when transmitted from client to server, so the server can not use it to determine which website the request should be routed to. So, the browser must request a FQDN (this.domain.com) BUT the Host: HTTP header can not be used by the server to determine which website the request can be routed to. So, the only things that can be used are IP address, and Port number. So, for each host, you need to have a unique IP Address + TCP Port Number combination (host headers not allowed). IIS will happily let you install multiple SSL certs for different websites provided that they have a different valid identity (Port Number + IP address only) Cheers Ken ----- Original Message ----- From: "Rob Smith" <rob.smith at THERMON.com> To: "Thelist (E-mail)" <thelist at lists.evolt.org> Sent: Thursday, June 24, 2004 2:05 AM Subject: [thelist] Quick SSL Cert Question : Hey gang, : : I got a new web server and am setting it up right now. We have purchased two : SSL certs for the various sites we host. Currently all sites are governed by : host headers and all IP's are unassigned during this testing phase. The two : sites in question are subdomains (i.e. this.domain.com and that.domain.com : : According to the SSL cert rules, you must have only one cert per domain per : server. : : Fact: Host headers and SSL certs do not communicate. However, static IP's : and SSL certs do. : : (Deep breath) I just need someone to confirm, with their experience of : working with Multiple SSL certs on the same box on the same domain with : different subdomains, that you Can have two certs on the same domain, but : different subdomain's, which have different IP addresses. : : Currently since all sites are unassigned, IIS 5 is only allowing me to : install one and only one SSL Cert. IF the sites were given different IP : addresses, then IIS 5 would allow me to install different SSL certs on : different subdomains. : : A Big Texas Thank you in advance! : : Rob Smith -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt !