Forwarding HTTPS site by IP address

Discussion in 'Computer Security' started by girardmj375@yahoo.com, May 11, 2007.

  1. Guest

    We are in the planning stages of relocating our office, and we had
    some concerns about forwarding our web site and the effect it would
    have on our secure site.

    We currently have our secure site established as https://www.company.com/access
    and everything works fine because the certificate is registered to
    company.com. However, after we relocate, we will be forwarding
    requests for this site from our old office to the webserver in the new
    office during the time it takes the DNS records to populate the web.
    We were planning on using the IP address of the webserver in the new
    office to accomplish this.

    When we test this out at our current location, and try to access the
    the site using the redirect address of https://203.XXX.XXX.XXX/access,
    we get an SSL error stating that "The name on the security certificate
    is invalid or does not match the name of the site", which is expected
    because we are now using the IP to access the site rather than the
    domain name that has been registered.

    Does anyone know of any way to get around this so that our clients
    don't recieve this error in the day(s) it takes for the DNS record to
    populate. I realize it will only be for a day or two for the records
    to populate and users can simply click "Yes" to get past the warning,
    but we would rather figure out a way around this to avoid getting the
    calls that are sure to come when clients see the warning message.

    Any help is greatly appreciated.
    , May 11, 2007
    #1
    1. Advertising

  2. Jim Watt Guest

    On 11 May 2007 08:03:04 -0700, wrote:

    >We are in the planning stages of relocating our office, and we had
    >some concerns about forwarding our web site and the effect it would
    >have on our secure site.
    >
    >We currently have our secure site established as https://www.company.com/access
    >and everything works fine because the certificate is registered to
    >company.com. However, after we relocate, we will be forwarding
    >requests for this site from our old office to the webserver in the new
    >office during the time it takes the DNS records to populate the web.
    >We were planning on using the IP address of the webserver in the new
    >office to accomplish this.
    >
    >When we test this out at our current location, and try to access the
    >the site using the redirect address of https://203.XXX.XXX.XXX/access,
    >we get an SSL error stating that "The name on the security certificate
    >is invalid or does not match the name of the site", which is expected
    >because we are now using the IP to access the site rather than the
    >domain name that has been registered.
    >
    >Does anyone know of any way to get around this so that our clients
    >don't recieve this error in the day(s) it takes for the DNS record to
    >populate. I realize it will only be for a day or two for the records
    >to populate and users can simply click "Yes" to get past the warning,
    >but we would rather figure out a way around this to avoid getting the
    >calls that are sure to come when clients see the warning message.
    >
    >Any help is greatly appreciated.



    A few days before you do the move change the TTL on the
    DNS records to the minimum value.

    Relocate the web server as 'company.com' and then increase
    the TTL to a normal value.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, May 11, 2007
    #2
    1. Advertising

  3. Guest

    We don't manage our DNS server, our ISP does. Is the TTL something
    that ISPs can modify per client, or is it server-wide for all of the
    sites they host?
    , May 11, 2007
    #3
  4. On May 11, 9:50 pm, wrote:
    > We don't manage our DNS server, our ISP does. Is the TTL something
    > that ISPs can modify per client, or is it server-wide for all of the
    > sites they host?


    They can modify the TTL for each hostname associated with the IP
    address in question. I think the minimum is 5 minutes (see A record
    lookup for www.bbc.co.uk) so you should be sorted pretty quickly :)
    Steve Williamson, May 12, 2007
    #4
  5. Guest

    I'll talk to my ISP about this then. Thanks for all of your help.
    It's greatly appreciated.
    , May 14, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Grey Samuels
    Replies:
    3
    Views:
    2,422
    Brian Bergin
    Oct 29, 2003
  2. =?Utf-8?B?ZHl2aW01Nw==?=
    Replies:
    9
    Views:
    5,514
    Lasher a.k.a. Taylor
    Dec 20, 2005
  3. Sekhar
    Replies:
    0
    Views:
    525
    Sekhar
    Mar 28, 2006
  4. Darkon
    Replies:
    3
    Views:
    3,413
    Walter Roberson
    Sep 6, 2006
  5. SteveB
    Replies:
    0
    Views:
    3,152
    SteveB
    Mar 26, 2009
Loading...

Share This Page