Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IIS & SSL behind NAT

Status
Not open for further replies.
xedgex

xedgex

MIS
Dec 3, 2007
60
US
Is it possible to setup SSL on a web server which is using private IP addressing? Our current setup uses NAT from the few public IP addresses we have. Or will I HAVE to add the public IP address to the web server?

If I can use the LAN IP address, I just have to make sure that this private IP address is reserved and bound to each application, correct?

To complicate things, we have a fail over circuit with its own IP address of course. Will the SSL be valid over this circuit if the main one goes down?
 
Sort by date Sort by votes
Yes you can use SSL on a site where the web serer has a private IP. This is very normal. Just get the certificate with the public DNS name just like you would if the server had the public IP.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)

My Blog
 
Upvote 0 Downvote
Great thanks. The public IP address does not have to be dedicated only to 1 virtual host (website), correct?

If we need 2 certs, for example;

app1.domain.com
app2.domain.com

Internally the setup would be;

app1 ip binding is 10.0.0.55
app2 ip binding is 10.0.0.56
everything else in IIS is 10.0.0.54

WAN IP is the SAME for both and other IIS items also.

This would work, correct? What about the fact that we can have multiple routes into the server, the SSL still works regardless of what public IP address answers (we have dns fail over that updates appropriate A records).



 
Upvote 0 Downvote
No, each SSL site needs it's own IP Address. The reason for this is that the hostheader part of the packet (which IIS would normally use to figure out where to send stuff) is encrypted and must be decrypted via the SSL cert before IIS can route it to the correct website.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)

My Blog
 
Upvote 0 Downvote
I understand but does it need its own WAN IP address or Public IP address? We only have 1 available WAN IP Address and need SSL for 2 or 3 sites. I'm confused.
 
Upvote 0 Downvote
Each site which needs SSL will need it's own LAN IP, as well as it's own public IP.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)

My Blog
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
517
gbaughma
gbaughma
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
223
DTGMI
DTGMI
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
303
DrB0b
DrB0b
DeepuM
  • Locked
  • Question
Web Response returned Web Exception : The underlying connection was closed error | Simphony & QS
Replies
0
Views
192
DeepuM
DeepuM
DTGMI
  • Locked
  • Question
Win 2003 & IBM X3350 M2 Server (7946AC1)
Replies
1
Views
81
technome
technome

Part and Inventory Search

Sponsor

Back
Top