PDA

View Full Version : Secure All Domains with SSL

olivehour
03-30-2010, 06:39 PM
I contacted dasp support and was told to post here.

Basically, I want to know if & how I can secure both of the following domains:

https://olivehour.com
https://www.olivehour.com

Do I need 2 SSL certs, and if so, do I need 2 hosting accounts?

Basically, I want the site's canonical URL to be https://www.olivehour.com. So, requests sent to https://olivehour.com should be 301 redirected to https://www.olivehour.com.

I've set up the following IIS 7 URL rewrite rule, and it's working for all domain requests except for https://olivehour.com. Any help or advice is appreciated, thanks.

<rewrite>
<rules>
<rule name="Canonical Host Name">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="true">
<add input="{HTTP_HOST}" pattern="^www\.olivehour\.com$" negate="true" />
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://www.olivehour.com/{R:1}" />
</rule>
</rules>
</rewrite>
bruce
03-30-2010, 06:59 PM
No you cannot secure both domains on a single account because we can only assigned 1 cert per site.
olivehour
03-30-2010, 07:09 PM
Thanks for the direct answer Bruce.

Perhaps there is another solution. I don't know much about DNS, and I'm afraid to use the DNS tool in my account manager. Is there a way I can dis-associate the olivehour.com domain with the hosting account, so that only requests for www.olivehour.com come through? Meaning requests for both http://olivehour.com and https://olivehour.com will not resolve to an IP and thus timeout the browser?

I don't want to disassociate the email for @olivehour.com, just http requests.

I also have a few domain pointers, but only one of them (danludwig.com) is currently pointing to dasp nameservers. I have this set up solely for email, and would also like requests for http(s)://danludwig.com to time out, while keeping the email pointer working. Is this possible? Any resources you can point me to?

Thanks again.
bruce
03-31-2010, 10:42 AM
Yes. You can remove the A-record for olivehour.com
bruce
03-31-2010, 11:46 AM
Just a little bit more information.

The reason why this is failing is because when you send the 301 back to the browser (by URLRewrite), the browser will complain immediately when the cert name doesn't match. If you accept the warning, you'll get redirected to https://www.olivehour.com which means the rewrite rule is working.
olivehour
04-01-2010, 08:54 AM
Thanks again Bruce. Because of the warning on the DNS Manager page, I was afraid to do anything to mess with it. I'll remove the A record.
olivehour
04-01-2010, 09:11 AM
Just went into DNS manager. All domain aliases have delete buttons next to them except for olivehour.com. It looks like that one cannot be deleted..?
bruce
04-01-2010, 11:05 AM
hmmm.. shoot.. i forgot that we block it.

Email support, we can manually remove it for you.