问题描述
我有一个在IIS上运行的网站,该网站需要两个SSL证书,一个用于主网站域,一个用于通过CDN进行的流量(资产由其他域名提供).两者都使用SSL.
I have a website running on IIS that requires two SSL certificates, one for the main website domain, and one for the traffic coming through a CDN (the assets are served from a different domain name). Both use SSL.
因此,我在IIS中创建HTTPS绑定时使用了服务器名称指示"选项.
I therefore used the Server Name Indication option when creating the HTTPS bindings in IIS.
该网站运行正常,我知道IE6/Windows XP上的用户可能会遇到问题,但是我们没有/很多用户使用该组合来访问我们的网站,所以这不是问题.但是,这是一个电子商务网站,可以接收来自PayPal和WorldPay的回发/回叫.这是我们遇到问题的地方. PayPal或WorldPay的回发付款信息的机制似乎都不了解SNI,因此我们不会收到已付款的通知.
The site works fine, I know that users on IE6/Windows XP may experience an issue, but we don't have any/many users visiting our site using that combination so that's not a problem. However, it is an ecommerce site that receives postbacks/callbacks from both PayPal and WorldPay. Here is where we are experiencing an issue. It would seem that neither PayPal or WorldPay's mechanism for posting back payment information understands SNI, therefore we don't get notified that a payment has been made.
我不确定这些选项是什么. IIS告诉我创建一个默认的SSL站点,但是我找不到关于我应该创建什么或它有什么好处的在线说明.
I'm not sure what the options are. IIS is telling me to create a default SSL site, but I can't find any instructions online regarding what I should be creating, or what benefit it serves.
我要沿着这条正确的路走吗?任何人都可以在以下方面提供任何建议:a)默认的SSL站点是否可以解决此问题,以及b)如何创建默认的SSL站点?
Am I going down the right path with this? Can anyone offer any advice on a) whether a default SSL site will fix this issue and b) how to create the default SSL site?
感谢您的时间.
亲切的问候,Dotdev
Kind regards,Dotdev
推荐答案
您不必将所有站点都配置为需要SNI.
You don't have to have all your sites configured to require SNI.
按照您的意思,来自PayPal和WorldPay的回调位于您的主站点上吗?
From what you're saying, your callbacks from PayPal and WorldPay are on your main site are they?
在这种情况下,您可以在主站点上简单地编辑绑定,以使其不需要SNI,并确保将其设置为所有未分配"而不是特定的IP地址(否则它将进入SNI网站的方式.
If this is the case, you can simply edit the binding on your main site so that it does not require SNI, and make sure it is set to "All unassigned" rather than a specific IP address (otherwise it will get in the way of the SNI site).
这篇关于IIS 8.5上的SNI和SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!