Microsoft KB Archive/321650

= How to use SSL and MCMS 2001 on a Web site that has host headers enabled =

Article ID: 321650

Article Last Modified on 3/16/2004

-

APPLIES TO


 * Microsoft Content Management Server 2001 Enterprise Edition

-



This article was previously published under Q321650



SUMMARY
This article describes how to implement Secure Sockets Layer (SSL) on a virtual Web site with a mapped host header name so that you can create more than one Web site with only one Internet Protocol (IP) address. To do this in Microsoft Content Management Server (MCMS) 2001, use the Map Channel Names to Host Header Names feature.



MCMS host headers work with SSL because Internet Information Services (IIS) is not aware of MCMS host headers, so the URL information is unencrypted before the URL information is passed to the MCMS Web server (that is, the MCMS Internet Server Application Programming Interface [ISAPI] filter). Because this is the behavior of IIS when an IIS host header is not implemented, it is important that you only apply MCMS host headers and not a combination of IIS and MCMS host headers.

IIS is aware of IIS host headers. By design, IIS looks at the host header to determine which Web server to use. However, this occurs before the client request is decrypted. Because an encrypted header cannot be read, IIS cannot determine which server certificate to use.

Because of this distinction, MCMS host headers work with SSL. However, MCMS is not designed to use this configuration, and extensive testing has not been done.

Tested and Supported Configuration

 * 1) Set up two IIS sites on a Web server. Make sure that each IIS site has its own distinct IP address or TCP port.
 * 2) Set up MCMS 2001 with two root level channels, and then turn on the Map Channel Names to Host Header Names feature.
 * 3) On each IIS site, acquire a SSL certificate that matches the name of the channel names under MCMS 2001.
 * 4) Access each Web site by using HTTPS protocol. Note that this works as if each site is a separate HTTPS-enabled Web site that MCMS 2001 is hosting.

Support Information
Note that this configuration has never been fully tested and that the original MCMS design is not intended for this specific use. However, because this specific implementation may work, and to offer support to clients, Microsoft offers limited support concerning questions about or problems with this configuration.

Limited support is available to MCMS clients on a &quot;commercially reasonable effort&quot; basis. The Microsoft support team will only examine cases based on this configuration according to available resources and through some contact with the development team. Microsoft may not be able to resolve problems that may occur because of this configuration, and Microsoft may not be able to create a fix for the problem. The Microsoft support team will rely on a primal testing of this scenario and the in-depth knowledge of all of the software that is being used.

Microsoft plans to fully support this configuration in MCMS 2002.



For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

187504 HTTP 1.1 Host Headers Are Not Supported When You Use SSL

Additional query words: SSL Host Header website

Keywords: kbhowto kbinfo KB321650

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.