Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   Forwarding HTTPS site by IP address (http://www.velocityreviews.com/forums/t505787-forwarding-https-site-by-ip-address.html)

girardmj375@yahoo.com 05-11-2007 03:03 PM

Forwarding HTTPS site by IP address
 
We are in the planning stages of relocating our office, and we had
some concerns about forwarding our web site and the effect it would
have on our secure site.

We currently have our secure site established as https://www.company.com/access
and everything works fine because the certificate is registered to
company.com. However, after we relocate, we will be forwarding
requests for this site from our old office to the webserver in the new
office during the time it takes the DNS records to populate the web.
We were planning on using the IP address of the webserver in the new
office to accomplish this.

When we test this out at our current location, and try to access the
the site using the redirect address of https://203.XXX.XXX.XXX/access,
we get an SSL error stating that "The name on the security certificate
is invalid or does not match the name of the site", which is expected
because we are now using the IP to access the site rather than the
domain name that has been registered.

Does anyone know of any way to get around this so that our clients
don't recieve this error in the day(s) it takes for the DNS record to
populate. I realize it will only be for a day or two for the records
to populate and users can simply click "Yes" to get past the warning,
but we would rather figure out a way around this to avoid getting the
calls that are sure to come when clients see the warning message.

Any help is greatly appreciated.


Jim Watt 05-11-2007 05:48 PM

Re: Forwarding HTTPS site by IP address
 
On 11 May 2007 08:03:04 -0700, girardmj375@yahoo.com wrote:

>We are in the planning stages of relocating our office, and we had
>some concerns about forwarding our web site and the effect it would
>have on our secure site.
>
>We currently have our secure site established as https://www.company.com/access
>and everything works fine because the certificate is registered to
>company.com. However, after we relocate, we will be forwarding
>requests for this site from our old office to the webserver in the new
>office during the time it takes the DNS records to populate the web.
>We were planning on using the IP address of the webserver in the new
>office to accomplish this.
>
>When we test this out at our current location, and try to access the
>the site using the redirect address of https://203.XXX.XXX.XXX/access,
>we get an SSL error stating that "The name on the security certificate
>is invalid or does not match the name of the site", which is expected
>because we are now using the IP to access the site rather than the
>domain name that has been registered.
>
>Does anyone know of any way to get around this so that our clients
>don't recieve this error in the day(s) it takes for the DNS record to
>populate. I realize it will only be for a day or two for the records
>to populate and users can simply click "Yes" to get past the warning,
>but we would rather figure out a way around this to avoid getting the
>calls that are sure to come when clients see the warning message.
>
>Any help is greatly appreciated.



A few days before you do the move change the TTL on the
DNS records to the minimum value.

Relocate the web server as 'company.com' and then increase
the TTL to a normal value.
--
Jim Watt
http://www.gibnet.com

girardmj375@yahoo.com 05-11-2007 08:50 PM

Re: Forwarding HTTPS site by IP address
 

We don't manage our DNS server, our ISP does. Is the TTL something
that ISPs can modify per client, or is it server-wide for all of the
sites they host?


Steve Williamson 05-12-2007 02:43 PM

Re: Forwarding HTTPS site by IP address
 
On May 11, 9:50 pm, girardmj...@yahoo.com wrote:
> We don't manage our DNS server, our ISP does. Is the TTL something
> that ISPs can modify per client, or is it server-wide for all of the
> sites they host?


They can modify the TTL for each hostname associated with the IP
address in question. I think the minimum is 5 minutes (see A record
lookup for www.bbc.co.uk) so you should be sorted pretty quickly :)


girardmj375@yahoo.com 05-14-2007 01:17 PM

Re: Forwarding HTTPS site by IP address
 

I'll talk to my ISP about this then. Thanks for all of your help.
It's greatly appreciated.



All times are GMT. The time now is 05:30 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.