[Xitami] HELP! Upgrading to Xitami Pro
Thomas J. Hruska
xitami@lists.xitami.org
Fri, 21 Jun 2002 14:33:46 -0400
At 04:36 PM 6/20/2002 -0700, Russel Olinger writeth:

> Your bit below, about SSL and VHosting? This means that b/c I have 8
>domains sharing one IP address that SSL will prevent my Vhosts from working?

No, VHosting will still work, the problem is that SSL won't know which set
of certificates to send for the host the user wants. So, you have to do
one of two things for the certs:

1) Get certs. for *.somedomain.com (where somedomain.com is a domain you
own). Then, create virtual hosts called domain1.somedomain.com,
domain2.somedomain.com, etc. for each domain that is on your servers.
Then, require people to connect to https://domain1.somedomain.com/ for
SSL-based stuff. Note that this is one option that I'm not quite sure
about the setup for since Craig (my web host provider) is starting to
experiment with it. Generating the certs. for this was based on the RFC
for HTTPS. I'm crossing my fingers that it will work and the browser will
like it (i.e. assumes the browser is 100% HTTPS-compliant).

2) Get certs. for www.somedomain.com (somedomain.com is your own domain
still) and require your users to point to
https://www.somedomain.com/domain1root/ for SSL-based access. This only
requires setting up an alias rather than a whole sub-domain. The down-side
is slightly more difficult scripting on the user end of things.

3) If only one client will be using SSL, the client can purchase the cert.
and the others can use it, but their users will get a warning in their
browser that they don't own the cert. Note, however, this option does not
easily scale.

>Example B: What about within a domain (aliasing SSL directories) :
>http://www.domain1.com
>http://www.domain1.com/cgi-bin/
>https://www.domain1.com/cgi-bin/secure (SSL secure path)
>http://www.domain1.com/pages
>
>B1: Can SSL work in this fashion?
>B2: Or will the whole domain be SSL referenced by: https:// ?

The whole domain is covered by SSL. All SSL/TLS does is provide a secure
transport of data without understanding of the underlying representation of
the data it is securing. Hence it can't know what virtual host the browser
is going to use since it doesn't understand that level of data (the HTTP
protocol). As I said before, if you want to really understand how SSL/TLS
works with HTTP, you need to read the RFCs.

Hope this helps!

Thomas J. Hruska -- shinelight@shininglightpro.com
Shining Light Productions -- "Meeting the needs of fellow programmers"
http://www.shininglightpro.com/
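
The three certificate options in the message above, checked against the name-matching rule browsers apply to the host in an https URL. This is an added example, not part of the original post or of Xitami: the matcher is a simplified form of the RFC 2818 rule (wildcard only as the whole leftmost label), and `www.domain2.com` is a constructed second customer.

```python
from urllib.parse import urlsplit

def name_matches(cert_name: str, host: str) -> bool:
    """True if one certificate name covers the host the browser asked for."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must agree.
    if len(cert_labels) != len(host_labels):
        return False
    first, rest = cert_labels[0], cert_labels[1:]
    # Simplification: a "*" anywhere but the leftmost label is never honoured.
    if any("*" in label for label in rest) or rest != host_labels[1:]:
        return False
    if first == "*":
        # Refuse wildcards directly under a top-level name such as "*.com".
        return len(rest) >= 2 and host_labels[0] != ""
    return first == host_labels[0]  # partial wildcards ("f*") are not expanded

def shared_ip_report(cert_names, urls):
    """The server on the shared IP presents one certificate before it sees any
    HTTP; report which URLs that certificate covers without a browser warning."""
    return {
        url: any(name_matches(name, urlsplit(url).hostname) for name in cert_names)
        for url in urls
    }

def options():
    """Constructed scenarios mirroring options 1-3 from the message."""
    return {
        "1 wildcard": shared_ip_report(
            ["*.somedomain.com"],
            ["https://domain1.somedomain.com/",
             "https://domain2.somedomain.com/",
             "https://somedomain.com/",            # bare domain: not covered
             "https://www.domain1.com/"]),         # customer's own name: not covered
        "2 alias": shared_ip_report(
            ["www.somedomain.com"],
            ["https://www.somedomain.com/domain1root/"]),  # path is irrelevant
        "3 shared": shared_ip_report(
            ["www.domain1.com"],
            ["https://www.domain1.com/cgi-bin/secure",
             "https://www.domain2.com/"]),         # mismatch -> browser warning
    }

if __name__ == "__main__":
    for option, report in options().items():
        for url, ok in report.items():
            print(f"{option:10} {'match   ' if ok else 'MISMATCH'} {url}")
```
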