The SSL Bindings Issue–Web Pro Week 6 of 52

We have a chicken before the egg issue with HTTPS bindings.  This video—week 6 of a 52 week series for the web administrator—covers why HTTPS bindings don’t support host headers the same as HTTP bindings do.  In this video I show the issue and use Wireshark to see it in action.

If you haven’t seen the other weeks, you can find past and future videos on the Web Pro Series landing page.

The SSL Bindings Issue


  • Would you get the same effect of multiple IPs if you use a different port for SSL (like 4432) and did port translation on the switch side?

  • AJ Bothe. Unfortunately no, not with a single IP on the switch side anyway. Your switch doesn't have access to the host header either unless you terminiate SSL at that level, and even then you'll have the same issue.

    If you use NAT and have multiple public natted IPs then you can point to a single internal (or external) IP on the web server. You don't avoid multiple public IPs though.

    Also, your ServerVariables will change when you NAT so make sure that you don't have any application dependencies that watch for port 443 in the SERVER_PORT ServerVariable.

Comments have been disabled for this content.