SplitSSL vs Mixed Zone
-
June 11, 2012, 15:39
Hi folks.
This is quite a tricky problem; I'll try to be as clear as possible.
I think it may be an issue with SplitSSL and Mixed Zones.
Using: Windows 7, IE8 or IE9.
We installed the SplitSSL hotfix/patch when it was released (February?). This seemed to break a website for payments. We are aware of the information out there regarding SplitSSL; to ensure it is on all servers that require it (which it is). We know we can disable it using the registry, but we want to keep it enabled.
We present a payment page through our intranet (payments.oursite.com). *.oursite.com is regarded as an intranet zone (zone 1).
However, this passes data to the secure payment servers held off site (paynow.oursite.com). Although this server has our domain name, it is held outside our Class B network. It does have an alias set in DNS.
If I attempt to set both sites (payments.oursite.com and paynow.oursite.com) to intranet zone, IE says that it's intranet but the webpage doesn't work correctly. If I set payments.oursite.com to intranet, but paynow.oursite.com to trusted zone, it says mixed and still doesn't work. If I set both to trusted zone, then it works fine (but we lose the intranet functions, such as SSO etc).
Can anyone shed any light on this?
I'm thinking that SplitSSL may have issues when dealing with a mixed zone (may be "on purpose" for security reasons), but I suppose our main problem is getting the paynow.oursite.com being recognised as the intranet zone, which it is not.
Thanks.
- Edited by MrBeatnik, June 11, 2012, 15:49
All replies
-
June 11, 2012, 20:53
F12>Script tab, click "Start debugging"
the developer tool will display what resources are causing the mixed content warnings.
also see Tools>Compatibility View Settings, is "Display intranet sites in compatibility view checked?"
to force a web site in the intranet zone to render without compatibility view add the x-ua compatibility meta or header for IE=Edge.
Rob^_^
- Proposed as answer by doctoroftype (MVP), June 11, 2012, 20:53
- Marked as answer by Leo Huang (Microsoft Contingent Staff, Moderator), June 25, 2012, 9:03
- Unmarked as answer by MrBeatnik, August 3, 2012, 14:59
-
June 13, 2012, 9:24
Hi,
Here is one article that can be referred to. Meanwhile, try debugging with the Internet Explorer debug tool.
Add One URL to Intranet Zone and Another URL to a Trusted Site Zone Through GPO
Ivan-Liu
TechNet Community Support
-
August 3, 2012, 14:58
Problem appeared to be TLS 1.0
Turning TLS 1.0 off (good idea) and leaving 1.1/1.2 enabled made it all work.
Although, it DOES work with 1.0 on other machines, so I'm guessing that a patch combination with 1.0 is causing the problem.
In any case, this is a resolution for us.
- Marked as answer by MrBeatnik, August 3, 2012, 14:59
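
The protocol change described in the last reply, as an added PowerShell example that is not part of the thread or any poster's own script: it decodes the `SecureProtocols` bitmask that IE's Internet Options dialog stores per user, then clears TLS 1.0 while keeping TLS 1.1/1.2. The function names and the `-Apply` switch are assumptions made for this example; without `-Apply` it only reports.

```powershell
param([switch]$Apply)   # hypothetical switch: report only unless -Apply is given

$Name   = 'SecureProtocols'   # REG_DWORD written by Internet Options > Advanced
$User   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

# Bit values of the SecureProtocols DWORD.
$Flags = @{ 'SSL 2.0' = 0x0008; 'SSL 3.0' = 0x0020; 'TLS 1.0' = 0x0080
            'TLS 1.1' = 0x0200; 'TLS 1.2' = 0x0800 }

function Get-EnabledProtocols([int]$Mask) {
    # Names of every protocol whose bit is set in $Mask, oldest first.
    $Flags.GetEnumerator() | Sort-Object Value |
        Where-Object { $Mask -band $_.Value } | ForEach-Object { $_.Key }
}

function Remove-Tls10([int]$Mask) {
    # Clear TLS 1.0, force TLS 1.1 and 1.2 on, leave every other bit untouched.
    ($Mask -band (-bnot $Flags['TLS 1.0'])) -bor $Flags['TLS 1.1'] -bor $Flags['TLS 1.2']
}

function Read-Mask([string]$Path) {
    # Returns $null when the key or value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# A value delivered by Group Policy wins over the per-user setting.
$policyMask = Read-Mask $Policy
if ($null -ne $policyMask) {
    Write-Warning ("Policy sets $Name to 0x{0:X4}; a per-user change will not take effect." -f $policyMask)
}

$current = Read-Mask $User
if ($null -eq $current) {
    Write-Output "$Name is not set for this user; IE is using its built-in default."
    $proposed = Remove-Tls10 0
} else {
    Write-Output ("Current  0x{0:X4}: {1}" -f $current, ((Get-EnabledProtocols $current) -join ', '))
    $proposed = Remove-Tls10 $current
}
Write-Output ("Proposed 0x{0:X4}: {1}" -f $proposed, ((Get-EnabledProtocols $proposed) -join ', '))

if ($Apply) {
    Set-ItemProperty -Path $User -Name $Name -Value $proposed -Type DWord
    Write-Output 'Written. Restart Internet Explorer for the change to take effect.'
}
```

Running it on a working and a failing machine and comparing the "Current" lines shows whether the two actually differ in enabled protocols before any value is changed.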

