Saturday, December 14, 2019

How to Install a Wildcard certificate onto IIS 7.X

To install your Wildcard certificate in Microsoft IIS 7.0, perform the following steps:
Step 1 : Download your certificate
  1. You will receive an email when your certificate is issued.
  2. You will want to download the PKCS#7 format of your certificate.
 
Step 2 : Install your SSL certificate
  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. From the left menu, select the corresponding server name
  3. In the Features pane (middle pane), under Security, double-click Server Certificates
  4. From the Actions pane (right pane), select Complete Certificate Request
  5. Provide the location of the certificate file and the friendly name

    Note:  With a Wildcard certificate, you want to make sure to give it a wildcard friendly name. Example: *.domain.com. IIS 7.X will not let you set an SSL host header unless the friendly name starts with * when you start binding your certificate to your sites. You can see in this example how the binding will look later if you do not give the certificate a wildcard friendly name:

    [Screenshot: site binding without a wildcard friendly name]

    [Screenshot: site binding with a wildcard friendly name]


Step 3 : Binding certificate to the web site:
  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your Server Name > Sites > Your SSL-based site
  3. From the Actions pane, choose Bindings
  4. In the Site Bindings window, if there is no existing HTTPS binding, choose Add and change Type from HTTP to HTTPS
    Note: if there is already a https binding, select it and click Edit.
  5. From the SSL Certificate drop-down, select the friendly name of the SSL certificate that will be used for this site.
    Note: If you don't set a host name, when you try to configure the certificate on another site, it causes an error and the second site won't start.
  6. Click Ok

Step 4 :  Verify certificate installation:
  1. To verify the SSL certificate installation, use the GeoTrust Installation Checker
  2. In some cases you may need to stop and start your web server prior to any testing.
    Note: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.
Additional Notes:
If you do not specify an IP address when installing your SSL Certificate, the same ID will be used for all virtual servers created on the system.
If you are hosting multiple sites on a single server, you can specify that the ID only be used for a particular server IP address.
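The friendly name discussed in Step 2 is only a label IIS stores alongside the certificate; what decides whether a browser accepts the certificate for a given site is the set of names inside it (the subjectAltName entries, or the subject CN on older certificates) and the wildcard matching rules applied to them. The following check, added here as an illustration and not part of the original article or of any IIS tooling, implements those rules (wildcard only as the whole leftmost label, matching exactly one label) and can be pointed at a live server to complete the verification in Step 4. The sample certificate dictionary and the `*.domain.com` names are constructed for the example.

```python
import socket
import ssl

# Constructed sample shaped like the dict ssl.SSLSocket.getpeercert() returns;
# the names are placeholders, not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.domain.com"),),),
    "subjectAltName": (("DNS", "*.domain.com"), ("DNS", "domain.com")),
}


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (possibly '*.domain.com') covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # Browsers honour a wildcard only as the whole leftmost label, only when at
    # least two further labels follow it, and only for exactly one label:
    # "*.domain.com" covers "www.domain.com" but not "domain.com", not
    # "a.b.domain.com", and "w*.domain.com" is not a valid wildcard at all.
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def certificate_covers(names, hostname: str) -> bool:
    """True if any dNSName / CN in the certificate covers hostname."""
    return any(wildcard_matches(name, hostname) for name in names)


def names_from_peercert(cert: dict) -> list:
    """Collect DNS subjectAltNames, falling back to the subject CN when there are none."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def check_live_server(hostname: str, port: int = 443) -> dict:
    """Connect over TLS (needs network access) and report the served names and whether they cover hostname.

    Hostname checking is done here rather than by the ssl module so that a mismatch
    is reported as a result instead of raising during the handshake; the chain is
    still verified against the system trust store.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    names = names_from_peercert(cert)
    return {"names": names, "covers_host": certificate_covers(names, hostname)}


if __name__ == "__main__":
    names = names_from_peercert(SAMPLE_CERT)
    for host in ("www.domain.com", "domain.com", "a.b.domain.com"):
        print(f"{host:18} covered: {certificate_covers(names, host)}")
```

Run `check_live_server("www.domain.com")` against the site configured in Step 3 once the binding is in place; a `covers_host` of `False` with the wildcard name present usually means the site is served under a name the wildcard does not reach (the bare domain, or a second-level subdomain), which is a certificate-content problem that renaming the friendly name in IIS cannot fix.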


Wednesday, December 4, 2019

DHCP Fundamentals

The Dynamic Host Configuration Protocol (DHCP) is both a client-server application and a network management protocol. When a device (such as a workstation, tablet or smartphone) connects to a network, its DHCP client requests an IP address and other network configuration data from a DHCP server. The client and server communicate using the DHCP protocol to provision the end user device accordingly. This provides several vital benefits:
  1. End users do not need to perform manual configuration of their devices when they connect to a network.
  2. It simplifies the set up and operation of small office and home networks.
  3. On larger enterprise networks, it centralizes allocation and reclamation of IP addresses, which prevents problems that can cause outages.
Like DNS, DHCP provides a mission critical service that operates transparently to end users but must be managed and maintained by IT operations personnel. This article provides a basic overview of DHCPv4 and DHCPv6 from a protocol, application and deployment perspective.
In this article you will learn:
  • DHCP protocol and how DHCP works
  • DHCP deployment architectures
  • About DHCPv4 vs. DHCPv6 and SLAAC
  • NS1 Enterprise DDI - DHCP, DNS and IPAM

How DHCP Works

When a device (client machine such as a PC) boots up on a network, it does not have an IP address. It also has no information on how to access other network services such as the gateway router and DNS. DHCP provides that critical bootstrap function of automatically configuring the device with the network parameters it needs to communicate with other devices and services on the network.

The basic steps are as follows:
Step 1: DHCP Discover. The client at this stage has no IP address and does not have the address of the DHCP server. The client sends the request to the ethernet broadcast address (FF.FF.FF.FF) to destination UDP port 67. The source port of the client request is UDP port 68. Note that the DHCP server must be on the same subnet as the client because ethernet broadcast messages are not routed. (This restriction can be overcome by a function called DHCP relay, discussed below.)
Step 2: DHCP Offer. The DHCP server is listening on port 67 and receives the discover request. The discover request contains the client MAC (or “hardware”) address and UDP source port 68. This enables the DHCP server to respond with a DHCP Offer to the sending client. The DHCP offer includes the following information:
  • The IP address that the server is offering
  • The subnet mask
  • The lease duration (how long the client may use the IP address)
  • The IP address of the DHCP server
  • The IP address of the default gateway router
  • IP addresses of DNS servers
Step 3: DHCP Request. The client responds to the server requesting the IP address that was offered.

Step 4: DHCP Acknowledge. The server sends an acknowledgement packet to the client, essentially confirming the IP address and configuration parameters provided to the client.
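To make the first two steps concrete, the following added example (not code from the original article) builds a DHCPDISCOVER in the RFC 2131 wire layout and decodes a constructed DHCPOFFER into exactly the fields listed above: offered address, subnet mask, lease time, server address, default gateway and DNS servers (RFC 2132 options 1, 3, 6, 51 and 54). The packet bytes, the MAC address and the 192.168.1.x values are constructed for the example. Because the offer arrives by broadcast, the client matches the transaction ID (`xid`) it chose in the discover before accepting it; the parser enforces that.

```python
import socket
import struct

DHCP_SERVER_PORT = 67   # server listens here
DHCP_CLIENT_PORT = 68   # client sends from and listens here
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field

# Option codes from RFC 2132 used in this example
OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS = 1, 3, 6
OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
MSG_DISCOVER, MSG_OFFER, MSG_REQUEST, MSG_ACK = 1, 2, 3, 5

# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP_HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # 236 bytes


def _opt(code: int, value: bytes) -> bytes:
    """Encode one type-length-value option."""
    return bytes([code, len(value)]) + value


def _chaddr(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")


def build_discover(mac: str, xid: int) -> bytes:
    """DHCPDISCOVER: BOOTREQUEST from a client that has no address yet."""
    zero4 = b"\x00" * 4
    header = struct.pack(BOOTP_HEADER, 1, 1, 6, 0, xid, 0,
                         0x8000,            # broadcast flag: reply must be broadcast too
                         zero4, zero4, zero4,
                         zero4,             # giaddr: a relay agent fills this in, zero here
                         _chaddr(mac), b"\x00" * 64, b"\x00" * 128)
    return header + MAGIC_COOKIE + _opt(OPT_MSG_TYPE, bytes([MSG_DISCOVER])) + bytes([OPT_END])


def build_sample_offer(xid: int, mac: str) -> bytes:
    """Constructed DHCPOFFER such as a server at 192.168.1.1 might send (example data)."""
    header = struct.pack(BOOTP_HEADER, 2, 1, 6, 0, xid, 0, 0x8000,
                         b"\x00" * 4,
                         socket.inet_aton("192.168.1.50"),   # yiaddr: the offered address
                         socket.inet_aton("192.168.1.1"),    # siaddr
                         b"\x00" * 4,                        # giaddr: no relay on this subnet
                         _chaddr(mac), b"\x00" * 64, b"\x00" * 128)
    options = (MAGIC_COOKIE
               + _opt(OPT_MSG_TYPE, bytes([MSG_OFFER]))
               + _opt(OPT_SUBNET_MASK, socket.inet_aton("255.255.255.0"))
               + _opt(OPT_ROUTER, socket.inet_aton("192.168.1.1"))
               + _opt(OPT_DNS, socket.inet_aton("192.168.1.1") + socket.inet_aton("192.168.1.2"))
               + _opt(OPT_LEASE_TIME, struct.pack("!I", 86400))
               + _opt(OPT_SERVER_ID, socket.inet_aton("192.168.1.1"))
               + bytes([OPT_END]))
    return header + options


def parse_options(opts: bytes) -> dict:
    """Walk the TLV list after the magic cookie into {code: raw bytes}."""
    out, i = {}, 0
    while i < len(opts):
        code = opts[i]
        if code == OPT_END:
            break
        if code == 0:            # pad byte
            i += 1
            continue
        length = opts[i + 1]
        out[code] = opts[i + 2:i + 2 + length]
        i += 2 + length
    return out


def parse_offer(packet: bytes, expected_xid: int = None) -> dict:
    """Decode the fields the article lists for a DHCPOFFER."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op, _htype, _hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", packet[:12])
    if op != 2:
        raise ValueError("not a BOOTREPLY")
    if expected_xid is not None and xid != expected_xid:
        raise ValueError("transaction id does not match our DISCOVER")
    opts = parse_options(packet[240:])
    if opts.get(OPT_MSG_TYPE) != bytes([MSG_OFFER]):
        raise ValueError("not a DHCPOFFER")
    ips = lambda raw: [socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw), 4)]
    return {
        "xid": xid,
        "offered_ip": socket.inet_ntoa(packet[16:20]),          # yiaddr
        "subnet_mask": socket.inet_ntoa(opts[OPT_SUBNET_MASK]),
        "lease_seconds": struct.unpack("!I", opts[OPT_LEASE_TIME])[0],
        "dhcp_server": socket.inet_ntoa(opts[OPT_SERVER_ID]),
        "routers": ips(opts[OPT_ROUTER]),
        "dns_servers": ips(opts[OPT_DNS]),
        "relay_agent": socket.inet_ntoa(packet[24:28]),         # giaddr, 0.0.0.0 if none
    }


if __name__ == "__main__":
    mac, xid = "00:11:22:33:44:55", 0x3903F326   # constructed client identity
    discover = build_discover(mac, xid)
    print(f"DISCOVER: {len(discover)} bytes, UDP/{DHCP_CLIENT_PORT} -> UDP/{DHCP_SERVER_PORT}")
    for key, value in parse_offer(build_sample_offer(xid, mac), expected_xid=xid).items():
        print(f"  {key:14} {value}")
```

The `relay_agent` field is the `giaddr` mentioned under DHCP Architectures: a relay forwarding the discover across a router writes its own address there, and the server uses it to pick the scope for the client's subnet.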

DHCP Architectures

In small office and home networks, DHCP is typically integrated with the local router. Larger enterprise networks comprise multiple sites and it may be impractical to deploy, configure and monitor DHCP on every subnet across the enterprise. Many enterprises take a more centralized approach to architecting DHCP in the network. As mentioned above, DHCP Discover cannot be routed, so a function called DHCP relay (often implemented on routers) is used to forward DHCP traffic across the network. The relay agent needs to be configured with the IP address of one or more DHCP servers. This allows the DHCP service to be available across a wide area network.
Many enterprises take a hybrid approach to DHCP architecture, deploying DHCP on dedicated servers at regional offices and HQ that support multiple branch locations in each region. Because DHCP is a mission critical service it is important to deploy it in a high availability (HA) configuration. This can comprise DHCP HA pairs in active-active (DHCP load balancing) or active–hot standby mode. It can also comprise HA configurations that work over a wide area network, so if a site providing DHCP services goes down, an alternate site is available to maintain service continuity. The backup DHCP server(s) need to know what IP addresses have been issued by the primary DHCP servers so that when failover is invoked, the backup does not issue leases on IP addresses that are currently in use.

Managing DHCP – Scopes and Super Scopes

As described above, DHCP servers provision IP addresses and other network configuration parameters to clients. To do so the DHCP servers themselves must be configured accordingly. In a deployment model where the DHCP server supports multiple subnets, each subnet is allocated a unique, contiguous range of IP addresses sufficient to ensure there will always be an available IP address for devices connecting on that subnet. That range of IP addresses is referred to as a DHCP Scope. The standard model therefore is a single scope per subnet. The server is configured to associate the correct scope with the network ID of the client making a DHCP request.
This model may not always be sufficient to meet all addressing requirements. For example, there may be a need to assign more than one scope (i.e. two non-contiguous IP address ranges) to clients on the same physical network which is divided into more than one logical network (multinet). This is called a DHCP superscope.

Static IP vs Dynamically-Allocated IP 

With DHCP, devices don’t have a permanent or “static” IP address; instead, they lease IP addresses for a limited time. When the lease expires the device communicates with the DHCP server, and the server may renew its IP address or assign it a new one. This is a dynamically-allocated IP. Some devices, such as mobile phones, receive a new IP address each time they connect to a network.
Some devices need a static IP address because other devices or users frequently connect to them. A common example is a web server or a printer. IT administrators can reserve fixed IP addresses for these devices using DHCP, or their IP addresses can be manually configured.
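The scope, superscope and reservation concepts from the two sections above fit in one small allocation model. The following is an added example, not the article's own material and not the configuration format of any real DHCP server: a `Scope` is one contiguous range inside a subnet, a `Superscope` groups non-contiguous scopes that serve one physical segment, a reservation pins a MAC address to a fixed IP (the "static via DHCP" case for printers and servers), and the server picks the scope from the client's network ID (the relay agent address, or the receiving interface). All subnets, ranges and MAC addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    """One contiguous address range serving one subnet."""
    subnet: ipaddress.IPv4Network
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address
    leases: dict = field(default_factory=dict)        # IPv4Address -> mac currently holding it
    reservations: dict = field(default_factory=dict)  # mac -> fixed IPv4Address

    def __post_init__(self):
        if not (self.first in self.subnet and self.last in self.subnet and self.first <= self.last):
            raise ValueError("range must lie inside the scope's subnet")

    def reserve(self, mac: str, ip: str) -> None:
        """Give a device the same address every time (printer, server)."""
        addr = ipaddress.IPv4Address(ip)
        if addr not in self.subnet:
            raise ValueError("reservation must lie inside the scope's subnet")
        self.reservations[mac.lower()] = addr

    def existing(self, mac: str):
        """Address this client already holds here (reservation or live lease), if any."""
        mac = mac.lower()
        if mac in self.reservations:
            return self.reservations[mac]
        for ip, owner in self.leases.items():
            if owner == mac:
                return ip
        return None

    def allocate(self, mac: str):
        """Renew the client's current address or hand out the lowest free one; None if exhausted."""
        held = self.existing(mac)
        if held is not None:
            return held
        taken = set(self.leases) | set(self.reservations.values())
        cur = self.first
        while cur <= self.last:
            if cur not in taken:
                self.leases[cur] = mac.lower()
                return cur
            cur += 1
        return None


@dataclass
class Superscope:
    """Several non-contiguous scopes serving one physical segment (multinet)."""
    name: str
    scopes: list

    def allocate(self, mac: str):
        for s in self.scopes:          # keep a client on the address it already has
            held = s.existing(mac)
            if held is not None:
                return held
        for s in self.scopes:          # otherwise the first member scope with a free address
            ip = s.allocate(mac)
            if ip is not None:
                return ip
        return None


class DhcpServer:
    """Associates the client's network ID with the scope or superscope to draw from."""

    def __init__(self):
        self._table = []               # (subnet, allocator) pairs

    def add_scope(self, scope: Scope) -> None:
        self._table.append((scope.subnet, scope))

    def add_superscope(self, sup: Superscope) -> None:
        for s in sup.scopes:           # any member subnet selects the whole superscope
            self._table.append((s.subnet, sup))

    def allocate(self, network_id: str, mac: str):
        # network_id: giaddr set by the relay agent, or the receiving interface address
        addr = ipaddress.IPv4Address(network_id)
        for subnet, allocator in self._table:
            if addr in subnet:
                return allocator.allocate(mac)
        raise LookupError(f"no scope serves {network_id}")


def demo() -> dict:
    server = DhcpServer()
    # Standard model: one scope per subnet, plus a reservation for a printer
    branch = Scope(ipaddress.IPv4Network("10.1.0.0/24"),
                   ipaddress.IPv4Address("10.1.0.100"), ipaddress.IPv4Address("10.1.0.101"))
    branch.reserve("aa:bb:cc:00:00:01", "10.1.0.10")
    server.add_scope(branch)
    # Multinet: two non-contiguous ranges behind the relay at 10.2.0.1
    server.add_superscope(Superscope("hq-floor2", [
        Scope(ipaddress.IPv4Network("10.2.0.0/24"),
              ipaddress.IPv4Address("10.2.0.50"), ipaddress.IPv4Address("10.2.0.50")),
        Scope(ipaddress.IPv4Network("10.2.1.0/24"),
              ipaddress.IPv4Address("10.2.1.50"), ipaddress.IPv4Address("10.2.1.51")),
    ]))
    fmt = lambda ip: None if ip is None else str(ip)
    return {
        "printer":      fmt(server.allocate("10.1.0.1", "AA:BB:CC:00:00:01")),
        "laptop":       fmt(server.allocate("10.1.0.1", "aa:bb:cc:00:00:02")),
        "laptop_renew": fmt(server.allocate("10.1.0.1", "aa:bb:cc:00:00:02")),
        "hq_1": fmt(server.allocate("10.2.0.1", "aa:bb:cc:00:00:03")),
        "hq_2": fmt(server.allocate("10.2.0.1", "aa:bb:cc:00:00:04")),   # spills into 10.2.1.x
        "hq_3": fmt(server.allocate("10.2.0.1", "aa:bb:cc:00:00:05")),
        "hq_4": fmt(server.allocate("10.2.0.1", "aa:bb:cc:00:00:06")),   # superscope exhausted
    }


if __name__ == "__main__":
    for client, ip in demo().items():
        print(f"{client:13} {ip}")
```

Two details carry over to real deployments: a renewing client must be recognised across all member scopes of a superscope before any new address is handed out, and the lease table is exactly the state the HA section says a standby server must share so that failover does not re-issue addresses already in use.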

DHCPv4, DHCPv6 and SLAAC

Internet Protocol Version 6 (IPv6) is a more recent version of the Internet Protocol (IP). It was introduced to vastly increase the number of possible IP addresses. The previous version, IPv4, has a 32 bit address space which supports roughly 4 billion addresses. This is insufficient to support the number of internet connected devices. IPv6 introduced a 128 bit address space which for all practical purposes supports an unlimited number of IP addresses.

Example of an IPv4 address    Example of an IPv6 address
192.168.1.1                   2001:1er8:0088:0042:0001:8e2g:0397:1247

One of the innovations in the IPv6 protocol is Stateless Address Autoconfiguration (SLAAC), a protocol that enables each node to self-configure its IP address. When a device connects to a network it uses the Neighbor Discovery Protocol (carried in ICMPv6 messages) to determine the network it is on. It then configures its IPv6 address by combining the 64 bit network prefix with its MAC address (plus an additional 16 bits) to construct a globally unique 128 bit IP address. This greatly simplifies networking and, in some cases, may eliminate the need for DHCP servers.
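The "additional 16 bits" in the paragraph above are the fixed value 0xFFFE that the modified EUI-64 procedure (RFC 4291, Appendix A) inserts in the middle of the MAC address, after which the universal/local bit is flipped. The following added example, not part of the original article, carries that construction through for a constructed MAC address and a documentation prefix, and also shows the reverse direction: an EUI-64 address can be read back to the hardware address, which is why the address follows the device from network to network and why RFC 4941 temporary addresses were introduced.

```python
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """Derive the 64-bit modified EUI-64 interface identifier from a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert the fixed 16 bits 0xFFFE between the 24-bit OUI and the 24-bit
    # device half, then invert the universal/local bit (bit 1 of the first octet).
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix learned from Router Advertisements with the EUI-64 IID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC requires a 64-bit prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) + iid)


def mac_from_slaac_address(addr: str):
    """Recover the MAC embedded in an EUI-64 address, or None if the IID is not EUI-64 shaped."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02                      # undo the universal/local bit flip
    octets = iid[:3] + iid[5:]          # drop the inserted FFFE
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"           # constructed example MAC
    for prefix in ("2001:db8:1:2::/64", "fe80::/64"):
        addr = slaac_address(prefix, mac)
        print(f"{prefix:20} + {mac} -> {addr}  (MAC read back: {mac_from_slaac_address(str(addr))})")
```

The same routine with the link-local prefix `fe80::/64` yields the link-local address a host forms before it has heard any Router Advertisement at all.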

There is a version of DHCP for IPv6 – DHCPv6. Its primary functions are to provide client configuration information not included in SLAAC and/or provide centralized control and auditing over IP address assignments. However, newer versions of the Neighbor Discovery Protocol are available that provide for discovery of recursive DNS servers, so for many enterprises adopting IPv6 there may not be a need for DHCPv6 in the future.