Microsoft KB Archive/262780

= INFO: Request Forwarder Only Supports One SSL Site for an Application Center Cluster =

Article ID: 262780

Article Last Modified on 6/4/2003

-

APPLIES TO


 * Microsoft Application Center 2000 Standard Edition, when used with:
 * Microsoft Windows 2000 Standard Edition
 * Microsoft Windows DNA, when used with:
 * Microsoft Windows 2000 Standard Edition

-



This article was previously published under Q262780



SUMMARY
Only one Internet Information Services (IIS) site that uses secure sockets layer (SSL) can be handled by the Request Forwarding component of Application Center 2000 for a given Application Center cluster. The reason for this limitation is described in this article.



MORE INFORMATION
The Request Forwarder Internet Server Application Programming Interface (ISAPI) component of Application Center 2000 supports forwarding for one SSL site for a given Application Center cluster. An IIS Web site binding is of the form IP Address:Port:Host Header, and this binding must be unique.

When you are using SSL, the host header information is encrypted. To decrypt a packet, IIS must know which Web site the request is for so that it can use the correct certificate to decrypt the request. Therefore, for SSL Web sites, the host header cannot be used to determine which Web site the request is for, and Web site detection must be based on IP:Port.

If the site is IP:Port bound, Application Center must add each of the member servers' backend IPs to the binding, otherwise the forwarded request will not be recognized by IIS. Because each member has only one backend IP, there can only be one site with the backend IP for a given port. This is effectively the same as binding it by port number, because there can only be one site with the backend IP:Port binding. That is why there can only be one SSL site per port number for a given Application Center cluster.

