logo

Internet Site Homepage URLs with SSL

Something I've learnt while running this site is to make absolutely sure of something before I go shooting my mouth off about it being Domino's fault. Here's a good example of how doing so saved what's left of my reputation:

When I first enabled SSL on this server it broke the homepage setting for the Internet Site on which I was using it. At first I was inclined to blame Domino. After some investigation I found it was functioning as expected and managed to fix the problem.

Say you access a website at this address:

http://sub.domain.com

If you're using Internet Site documents it will take the user to the homepage URL defined in that document. Say you then enable SSL and visit the following address:

https://sub.domain.com

The homepage you see will most likely be that of the default Internet Site document. There's a good reason for that, as I found out by reading this great article on Internet Sites. In brief, it's like this:

When you request a URL beginning with https:// the headers your browser sends the server are encrypted. The server can't decrypt them until it finds the keyfile to use. To find this file it has to find the right Internet Site document. But, how can it do this though when these documents are organised by host name and the server doesn't know the host name requested, as it's encrypted. As the article says, it's "chicken and egg". Instead the server uses the IP address requested. To get the Internet Site it looks for the one which lists the IP address requested. If this doesn't exist it uses the default.

If you have a server like mine with one IP address and multiple site documents, where only one site is SSL enabled you have to add the server's IP address to the encrypted site's Internet Site document.

Makes sense I guess. Boy am I glad I read up on this before I wrote the scathing blog I was drafting in my head...

Comments

    • avatar
    • larry
    • Thu 8 Dec 2005 02:57 PM

    Remember this article:

    Using a form as a database's Homepage

    {Link}

    Using website rules, you can set the default page to open a database when the url is like

    {Link} or {Link}/

    A codeveloper on one of my databases lost 30 minutes to find out how your navigator trick worked. Website rules save an unnecesairy design element (the Launch navigator) and the coding is on a more logical place.

    Be carefull though, setting the home page through a website document is a so called redirection rule which is performed after all the substitution rules. So if you have a substitution rule that says /* should automatically go to /store.nsf/ (thus eliminating all store.nsf from all urls), the redirection rule should say /store.nsf/ (without anything after it) to redirect to /store.nsf/home?openform.

    Website rules rule!

  1. The linked document in Jakes article above has moved

    see http://www.ibm.com/developerworks/lotus/library/ls-Web_site_addressing/

  2. ummmmmm... this does seem to mean that you cannot have two domains on the same box with one ip address and have them open to different home pages is ssl mode

    e.g. http://deliverytoolkit.com and http://www.focul.net work ok and go to different landing pages but

    https://deliverytoolkit.com and https://www.focul.net default to the landing page specified on the internet site document that the server finds first, in this case focul.net

    I could code a redirect or even have a redirect rule but it is a frigg and might upset google ??

    Am I missing a trick ?

    • avatar
    • Jake Howlett
    • Tue 26 Oct 2010 01:53 PM

    Hi Sean,

    Hmm, IBM. King of the link killers. Their 404 page must get quiet a hammering over time.

    The only trick you're missing (and the only solution in your case) is to register another IP address (most hosting company let you add extra IPs at some nominal cost per month). Then you can list the new IP in the right Internet Site document.

    I guess the problem here is the Domino stores SSL cert key information in the internet site documents themselves (in case you need different certs per site I guess?). Whereas, if it stored the cert key in the Server document it could decrypt the headers and direct to the right Site document.

    Hey ho.

    Jake

Your Comments

Name:
E-mail:
(optional)
Website:
(optional)
Comment:


About This Page

Written by Jake Howlett on Thu 8 Dec 2005

Share This Page

# ( ) '

Comments

The most recent comments added:

Skip to the comments or add your own.

You can subscribe to an individual RSS feed of comments on this entry.

Let's Get Social


About This Website

CodeStore is all about web development. Concentrating on Lotus Domino, ASP.NET, Flex, SharePoint and all things internet.

Your host is Jake Howlett who runs his own web development company called Rockall Design and is always on the lookout for new and interesting work to do.

You can find me on Twitter and on Linked In.

Read more about this site »

Elsewhere

Here are the external links posted on the same day.

More links are available in the archive »

More Content