[Xitami] HELP! Upgrading to Xitami Pro

[Russel Olinger]

 Your bit below, about SSL and VHosting?  This means that b/c I have 8
domains sharing one IP address that SSL will prevent my Vhosts from working?

Example A: my example config would be: (server has ONE IP addresses,
x.x.x.10)
http://www.domain1.com = domain1.cfg
http://www.domain2.com = domain2.cfg
https://www.domain3.com = domain3.cfg
http://www.domain4.com = domain4.cfg

A1: Wlll  this not work?
A2: Or does each domain have to have its own IP address (is this because of
SSL and reverse DNS issues?)

Example B: What about within a domain (aliasing SSL directories) :
http://www.domain1.com
http://www.domain1.com/cgi-bin/
https://www.domain1.com/cgi-bin/secure  (SSL secure path)
http://www.domain1.com/pages

B1: Can SSL work in this fashion?
B2: Or will the whole doamin be SSL referenced by: https:// ?

B3. If the answer to B1 is YES, then will A1 still work in relation to
Example A.

Thanks again guys...

----- Original Message -----
From: "Thomas J. Hruska" <shinelight@shininglightpro.com>
To: <xitami@lists.xitami.org>
Sent: Thursday, June 20, 2002 12:20 PM
Subject: Re: [Xitami] HELP! Upgrading to Xitami Pro


> At 11:31 AM 6/20/2002 -0700, Russel Olinger writeth:
> >Ok, folks need some serious help here, i don't have a lot of time to do
> research on this - so I need the crash course.
> >
> >I am running the normal Xitami and am upgrading to Xitami Pro.  As usual,
> there is hardly ANY documentation on how to do this step by step.  Do I
> install to same directory OR do I install to a new directory and copy my
> previous configs/directory structure over?  Because it is the Pro version
> does that mean EVERY site is going to be a secure site - or can I only
turn
> the secure feature on for specific pages or links within each site?  Are
> there tricky configurations I need to be aware of.  I do know I am
supposed
> to get a KEY from somewhere, but again, I don't understand this process.
I
> don't want to disrupt my current installation.
>
> To really understand SSL, you really should read the HTTPS RFC.  However,
> since you are in a time crunch, let me take you quickly through what is
> involved.
>
> First off, your entire site can be run under SSL/TLS (if you want).  The
> tricky part is to remember that the SSL/TLS protocol provides no means for
> VHosting except by IP address under Xitami Pro.  This is due to the nature
> of the SSL/TLS protocols and not Xitami.  The problem is that when an
> SSL-capable client connects, the SSL server certificate that gets sent is
> the one tied to the IP address and there is no way to determine what VHost
> the client wants until after authentication.  This is, IMO, the biggest
> blunder the IETF (Internet Engineering Task Force) ever made.
>
> Second, all of your current configuration files can be the same as for
> Xitami.  The SSL config is located in HTTPSSL.CFS (or something like
that).
>  Just edit the SSL config to point at the proper certificates needed for
> the server.
>
> Finally, you need a certificate chain.  This will consist of a root
> certificate authority encrypted private key (e.g. Verisign) and your own
> certificate that is signed by the owner of the private key of the root
> cert.  You need both the encrypted server private key and unencrypted
> server private key in order to get Xitami Pro to work.  Let me warn you
> that Verisign signed certs. are *EXTREMELY* expensive and there are
cheaper
> alternatives to using their certs.
>
> >I am in a bind and need to upgrade fast b/c one of my sites needs to do
> Credit Card transactions.  So any and all help is very appreciated.  I
have
> never worked with SSL and I am worried about the time involved to get this
> all working.
>
> Make sure that your user has a merchant account before going to the
trouble
> of setting up SSL so quickly.  If they don't have a merchant account, it
> will take them about 2-3 weeks (minimum) to get one.
>
> Hope this helps!
>
>
>           Thomas J. Hruska -- shinelight@shininglightpro.com
> Shining Light Productions -- "Meeting the needs of fellow programmers"
>                   http://www.shininglightpro.com/
>
> --
> Xitami Users Mailing List -- For Xitami support
> To unsubscribe: http://lists.xitami.org/mailman/listinfo/xitami
>
>