Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Several certificates for one IW-app
#1
Hello.

I would like to use my IntraWeb application to serve multiple sites. Domain names are different because belong to different organizations.
I will clarify.

Option 1. It is acceptable to use:
site1.com - acceptable
site2.com - acceptable
etc

Option 2
site.com/app_for_firm1 -  in my case, this is not possible
site.com/app_for_firm2 - in my case, this is not possible

Outside access to my IntraWeb application is through the standard SSL port (443). The IP address of all domains is the same.

At the start of the session, I can understand which site is being accessed (WebApplication.ApplicationURL) and provide the necessary interaction.

Is it possible to somehow use different SSL certificates for different domain names (site1.com, site2.com, etc)?

IWServerController has SSLOptions CertFileName, KeyFileName and RootCertFileName. It is understood that only one SSL certificate can be used.
1. Can IWServerController dynamically change certificates for different sessions?
2. Or maybe you can collect several certificates in one pem file (and keys too) and then IWServerController will independently figure out which certificate to use for which site?

Perhaps the topic has already been discussed previously, but I could not find a discussion. I found discussions similar to my option 2, but it doesn't work for me. Can you have a demo example?
Reply
#2
According to your post seems that you are considering an Indy based stand alone application. This application can't use 2 different certificates. Indy relies on OpenSSL and a single certificate must be loaded by each instance of the HTTPS server.

Having said that, seems to me that you have 2 options:

1- use a reverse proxy (e.g. Apache) on top of your IW application. If you have a single application instance, this won't be simple I'm afraid. Better if you have 2 different instances

2- Install 2 instances of the same IW application created as Http.sys, registering one for each domain. The certificates are registered in Windows (using IWCertificateManager which is installed with IntraWeb), one for each domain. Both instances are independent but they can share the same port 443 which is exactly what you want.
Reply
#3
Hello, Alexander.
My application is based on Indy.
Now I will think about what to do next.
Thank you.
Reply
#4
If the sessions dont need to interact directly (a rare use case)... you could also just deploy 2 instances of the Indy SA IW app, each with its own certificate. You can even load them at run time, so you only need one EXE that you run twice with different parameters.
Reply
#5
Great idea with running multiple instances of the same application. In addition to certificates, I could use different css in this way. But I probably didn't quite get it.
https://site1.com/
https://site2.com/
..
https://siten.com/
These sites use port 443.
How can this be implemented in the application? When I try to start the second instance, I get an error: Could not bind socket. Address and port are already in use.


Attached Files Thumbnail(s)
   
Reply
#6
(01-28-2022, 12:25 PM)I.Igor Wrote: Great idea with running multiple instances of the same application. In addition to certificates, I could use different css in this way. But I probably didn't quite get it.
https://site1.com/
https://site2.com/
..
https://siten.com/
These sites use port 443.
How can this be implemented in the application? When I try to start the second instance, I get an error: Could not bind socket. Address and port are already in use.

If you are using SA, you need 2 separate IPs. Each domain to its own IP and then IP bind each instance specifically to that IP.

If you want to use 2 domains, but a single IP you will need to deploy using HTTP.sys, ISAPI or ASPX.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)