With a wildcard SSL certificate, you are trying to protect all subdomains (e.g. server01.companyXXXX.com, server02.companyXXXX.com).
You start off by creating a certificate signing request (CSR) from server01 and submit it to GoDaddy.
Once GoDaddy generates the certificates, you can download them and install them onto server01. Be sure your certificate is SHA-2, not SHA-1.
Now if you want to install the same certificates onto server02 using the same instructions, you will run into a problem: the certificate disappears after you choose “Complete Certificate Request”. The CSR's private key was created on server01, so server02 has nothing to pair the certificate with. Instead, move the certificate together with its private key:
1. On server01, IIS –> Server Certificates, export the wildcard SSL certificate to a .pfx file after specifying a password.
2. On server02, IIS –> Server Certificates, import the certificate .pfx file after entering the specified password.
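The same export and import can be scripted. The PowerShell below is an added example, not part of the original post; the subject follows the post's placeholder domain and the path `C:\temp\wildcard.pfx` is an assumption. Before exporting, it checks the SHA-2 requirement and that the private key is present.

```powershell
# Added example. Run the export on server01 and the import on server02,
# both from an elevated PowerShell session.
$subject = 'CN=*.companyXXXX.com'      # placeholder domain from the post
$pfxPath = 'C:\temp\wildcard.pfx'      # assumed path

function Export-WildcardCert {
    param([string]$Subject, [string]$Path, [securestring]$Password)

    # Newest matching certificate in the machine store that IIS uses.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -match [regex]::Escape($Subject) } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) { throw "No certificate matching $Subject in LocalMachine\My" }

    # Without the private key the certificate is unusable on server02.
    if (-not $cert.HasPrivateKey) { throw 'Private key missing; cannot export a usable PFX' }

    # The post's requirement: SHA-2, not SHA-1.
    $alg = $cert.SignatureAlgorithm.FriendlyName
    if ($alg -match 'sha1') { throw "Certificate is signed with $alg; request a SHA-2 reissue" }

    # Fails if the key was created as non-exportable.
    Export-PfxCertificate -Cert $cert -FilePath $Path -Password $Password | Out-Null
    $cert.Thumbprint
}

function Import-WildcardCert {
    param([string]$Path, [securestring]$Password)
    # Without -Exportable the key cannot be exported again from server02.
    $imported = Import-PfxCertificate -FilePath $Path `
        -CertStoreLocation Cert:\LocalMachine\My -Password $Password
    $imported.Thumbprint
}

# server01:
#   $pw = Read-Host 'PFX password' -AsSecureString
#   Export-WildcardCert -Subject $subject -Path $pfxPath -Password $pw
# server02, after copying the file over:
#   $pw = Read-Host 'PFX password' -AsSecureString
#   Import-WildcardCert -Path $pfxPath -Password $pw
#   Remove-Item $pfxPath   # the PFX holds the private key; do not leave copies behind
```

Both functions return the thumbprint, which should be identical on the two servers.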
We recently consolidated websites/servers hosted on AWS EC2.
On ServerA, we released a couple of elastic IP addresses. Using EC2 –> Networking –> Manage Private IP Addresses, I unassigned those orphaned private IPs.
After reboot, we found that ServerA can no longer connect to another SQL server.
It turns out that I forgot one thing. We used to have those orphaned private IPs configured as static IPs, instead of DHCP, in the ServerA OS network settings. Thus, I removed those obsolete private IPs from the network adapter's IPv4 settings.
The lesson is that any extra obsolete private IPs on the server network setting could lead to SQL connection issues.
There are many tools and guidelines to help speed up web pages. In my case, it is WordPress hosted in IIS 8. TTFB was ~2 seconds and it took 5 seconds to load the page.
Optimization is like a black hole, sucking all your time while you try to score better on some benchmarks. Common tricks include:
- Use FastCGI
- Use WinCache
- Use a WordPress cache plugin, such as W3 Total Cache.
- Faster CPU, more Memory, use SSD drive
You can use many online sites (e.g. pingdom) to give you a waterfall and recommendations. They are also good for establishing your performance baseline.
If you see high TTFB, then the next step is to use a browser on your web server itself to load the website. Any web browser (Chrome, IE, Firefox) can give you a waterfall. If you still have a high TTFB, then you know it is something related to the web server, not the long network distance from a test client.
For me, the trick below improved my WordPress page:
- Total load time from > 5 seconds to 1.2 seconds.
- TTFB dropped from ~2 seconds to 183 ms.
The solution is to disable IPv6 on Windows Server. I simply used Microsoft’s “Fix it”.
http://forums.iis.net/t/1153459.aspx (many thanks to that thread of discussion!!!)
In the quest to make WordPress sites faster, here is another tip: install Dynamic Content Compression. Static Content Compression is not enough.
On one of the Windows Servers, when Windows Update runs, it takes up 100% CPU. We do not want to disable Windows Update, so we looked for a way to schedule/control/restrict/throttle the Windows Update download. Note that we are not trying to schedule the installation of the downloaded updates.
The trick is to configure BITS (the transfer service which Windows Update depends on) so that it has 0 bandwidth during production hours.
Windows Registry Editor Version 5.00
EnableBITSMaxBandwidth = 1 turns on the bandwidth control.
MaxTransferRateOnSchedule = 0 means 0 kilobits per second allowed within the restricted schedule period.
MaxBandwidthValidFrom = 4 means the restricted schedule period starts at 4AM PST.
MaxBandwidthValidTo = 11 means the restricted schedule period ends at 5PM PST.
UseSystemMaximum = 1 means there is no limit on bandwidth outside of the restricted schedule period.
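The five values above can be written with PowerShell instead of a .reg file. This is an added example, not the post's original registry file; it assumes the standard BITS policy key `HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS` and that the post's `11` is the hexadecimal form a .reg dword would carry (decimal 17, i.e. 5PM).

```powershell
# Added example: write the BITS bandwidth-throttling policy values described in the post.
# Run from an elevated PowerShell session. Hours are in the server's local time.
$bitsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS'   # assumed: standard policy key

function Set-BitsSchedule {
    param(
        [ValidateRange(0, 23)][int]$FromHour,   # start of the restricted period
        [ValidateRange(0, 23)][int]$ToHour,     # end of the restricted period
        [int]$KbpsOnSchedule = 0                # 0 = no BITS traffic inside the period
    )

    if (-not (Test-Path $bitsKey)) {
        New-Item -Path $bitsKey -Force | Out-Null
    }

    $values = [ordered]@{
        EnableBITSMaxBandwidth    = 1                 # turn bandwidth control on
        MaxTransferRateOnSchedule = $KbpsOnSchedule   # kilobits per second inside the period
        MaxBandwidthValidFrom     = $FromHour
        MaxBandwidthValidTo       = $ToHour
        UseSystemMaximum          = 1                 # no limit outside the period
    }

    foreach ($name in $values.Keys) {
        New-ItemProperty -Path $bitsKey -Name $name -Value $values[$name] `
            -PropertyType DWord -Force | Out-Null
    }

    # Read the values back so the result can be checked.
    Get-ItemProperty -Path $bitsKey | Select-Object @($values.Keys)
}

# The post's schedule, 4AM to 5PM:
#   Set-BitsSchedule -FromHour 4 -ToHour 17
```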
As usual, it takes quite a bit of effort to get Web Deploy working properly on IIS 8.
Personally, I find the following articles more useful:
Here is my recommended checklist:
- Windows Server 2012 already has .NET 4.0 on it, so you don’t need to install it.
- Run Web Platform Installer and Add/Install the following:
  - IIS: Management Service
  - IIS: Basic Authentication
  - Web Deploy 3.5
- Make sure your Web Deploy also has IIS Deployment Handler (and sub features) installed. That was missing for me.
- On IIS 8, enable “Basic Authentication” on the server level.
- On IIS 8, Management Service. Enable remote connections and start Web Management Service.
- Make sure Web Management Service has “Automatic” startup in Services.
- Make sure the Windows Firewall allows inbound port 8172 for the Web Management Service.
- Make sure Azure or AWS or 3rd party firewall allows inbound 8172.
In my case, I encountered something like the following:
Could not connect to the destination computer (“deployserver”). On the destination computer, make sure that Web Deploy is installed and that the required process (“The Web Management Service”) is started.
The remote server returned an error: (404) Not Found.
Web Deploy was installed. However, IIS Deployment Handler was never installed.
- Control Panel –> Programs and Features
- Microsoft Web Deploy 3.5 –> Change –> Change
- Make sure IIS Deployment Handler and sub features are installed.
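The server-side items of the checklist above can be verified in one pass. The PowerShell below is an added example, not from the original post; the function name is hypothetical and the address `203.0.113.10` is a constructed placeholder for the build machine.

```powershell
# Added example: check the Web Management Service items from the checklist.
# Run from an elevated PowerShell session on the IIS server.
function Test-WebDeployServer {
    param([int]$Port = 8172)

    # WMSvc is the service name of the Web Management Service.
    $svc = Get-CimInstance Win32_Service -Filter "Name='WMSvc'"

    # Is anything listening on the management port?
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules in Windows Firewall that cover the port.
    $rules = @(Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$Port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    [pscustomobject]@{
        ServiceInstalled  = [bool]$svc
        ServiceRunning    = $svc.State -eq 'Running'
        StartupAutomatic  = $svc.StartMode -eq 'Auto'
        ListeningOnPort   = $listeners.Count -gt 0
        FirewallAllowRule = $rules.Count -gt 0
    }
}

# Test-WebDeployServer
#
# Fixes for failed checks:
#   Set-Service WMSvc -StartupType Automatic; Start-Service WMSvc
#   # Port 8172 accepts Basic Authentication logins, so limit the rule to the
#   # machine that deploys (constructed placeholder address):
#   New-NetFirewallRule -DisplayName 'Web Deploy (WMSvc 8172)' -Direction Inbound `
#       -Protocol TCP -LocalPort 8172 -Action Allow -RemoteAddress 203.0.113.10
#
# From the build machine:
#   Test-NetConnection -ComputerName deployserver -Port 8172
```

In the post's case these checks would pass while the client still received the 404, which is what pointed to the missing IIS Deployment Handler.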