Secure All Domains with SSL

Discussion in 'Windows / IIS' started by olivehour, Mar 30, 2010.

  1. I contacted dasp support and was told to post here.

    Basically, I want to know if & how I can secure both of the following domains:

    https://olivehour.com
    https://www.olivehour.com

    Do I need 2 SSL certs, and if so, do I need 2 hosting accounts?

    Basically, I want the site's canonical URL to be https://www.olivehour.com. So, requests sent to https://olivehour.com should be 301 redirected to https://www.olivehour.com.

    I've set up the following IIS 7 URL rewrite rule, and it's working for all domain requests except for https://olivehour.com. Any help or advice is appreciated, thanks.

    <rewrite>
      <rules>
        <rule name="Canonical Host Name">
          <match url="(.*)" />
          <conditions logicalGrouping="MatchAny" trackAllCaptures="true">
            <add input="{HTTP_HOST}" pattern="^www\.olivehour\.com$" negate="true" />
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://www.olivehour.com/{R:1}" />
        </rule>
      </rules>
    </rewrite>
     
  2. Bruce

    Bruce DiscountASP.NET Staff

    No, you cannot secure both domains on a single account because we can only assign 1 cert per site.
     
  3. Thanks for the direct answer Bruce.

    Perhaps there is another solution. I don't know much about DNS, and I'm afraid to use the DNS tool in my account manager. Is there a way I can disassociate the olivehour.com domain from the hosting account, so that only requests for www.olivehour.com come through? Meaning requests for both http://olivehour.com and https://olivehour.com will not resolve to an IP and thus time out the browser?

    I don't want to disassociate the email for @olivehour.com, just http requests.

    I also have a few domain pointers, but only one of them (danludwig.com) is currently pointing to dasp nameservers. I have this set up solely for email, and would also like requests for http(s)://danludwig.com to time out, while keeping the email pointer working. Is this possible? Any resources you can point me to?

    Thanks again.
     
  4. Bruce

    Bruce DiscountASP.NET Staff

    Yes. You can remove the A-record for olivehour.com
     
  5. Bruce

    Bruce DiscountASP.NET Staff

    Just a little bit more information.

    The reason why this is failing is because when you send the 301 back to the browser (by URLRewrite), the browser will complain immediately when the cert name doesn't match. If you accept the warning, you'll get redirected to https://www.olivehour.com which means the rewrite rule is working.
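
The ordering described in the post above (certificate name check first, rewrite rule second), as an added example that is not part of the original thread. The certificate name lists are constructed and the function names are hypothetical. It goes slightly beyond the thread by also showing how a wildcard entry and a two-name list would match under simplified RFC 6125 rules.

```python
# Added illustration: hostname-to-certificate matching roughly as a TLS client
# performs it (simplified RFC 6125 rules). All certificate data is constructed.

def name_matches(pattern: str, host: str) -> bool:
    """True if one certificate dNSName entry covers the requested host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans or drops a label
    if p_labels[0] == "*":
        # Wildcard is honoured only as the whole left-most label, never for
        # something as broad as "*.com", and never for an empty label.
        return (len(p_labels) >= 3 and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def cert_covers(san_names, host):
    """True if any name in the certificate's name list covers the host."""
    return any(name_matches(n, host) for n in san_names)


def simulate_request(san_names, host):
    """Order of events for https://<host>/: certificate check, then HTTP."""
    if not cert_covers(san_names, host):
        # The browser stops here; the 301 from the rewrite rule is only
        # seen if the user accepts the warning.
        return "certificate warning (rewrite rule not reached yet)"
    if host.lower() != "www.olivehour.com":
        return "301 -> https://www.olivehour.com/"
    return "200"


SITE_HOSTS = ["www.olivehour.com", "olivehour.com"]
CERTS = {  # constructed name lists, not real certificates
    "single-name": ["www.olivehour.com"],
    "wildcard": ["*.olivehour.com"],
    "two-names": ["www.olivehour.com", "olivehour.com"],
}

if __name__ == "__main__":
    for label, names in CERTS.items():
        for host in SITE_HOSTS:
            print(f"{label:12} {host:20} {simulate_request(names, host)}")
```
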
     
  6. Thanks again Bruce. Because of the warning on the DNS Manager page, I was afraid to do anything to mess with it. I'll remove the A record.
     
  7. Just went into DNS manager. All domain aliases have delete buttons next to them except for olivehour.com. It looks like that one cannot be deleted..?
     
  8. Bruce

    Bruce DiscountASP.NET Staff

    Hmmm.. shoot.. I forgot that we block it.

    Email support, we can manually remove it for you.
     
