[Xitami] HELP! Upgrading to Xitami Pro

Russel Olinger xitami@lists.xitami.org
Fri, 21 Jun 2002 12:05:22 -0700


cool, your explanations helped a lot...I think I can take it from here.  At
least I have some reference points and can start my reading/research with
somewhat of a knowledge base.  Makes it way easier to have a little
direction.

Russel
----- Original Message -----
From: "Thomas J. Hruska" <shinelight@shininglightpro.com>
To: <xitami@lists.xitami.org>
Sent: Friday, June 21, 2002 11:33 AM
Subject: Re: [Xitami] HELP! Upgrading to Xitami Pro


> At 04:36 PM 6/20/2002 -0700, Russel Olinger writeth:
> > Your bit below, about SSL and VHosting?  This means that b/c I have 8
> >domains sharing one IP address that SSL will prevent my Vhosts from
> >working?
>
> No, VHosting will still work, the problem is that SSL won't know which set
> of certificates to send for the host the user wants.  So, you have to do
> one of two things for the certs:
>
> 1)  Get certs. for *.somedomain.com (where somedomain.com is a domain you
> own).  Then, create virtual hosts called domain1.somedomain.com,
> domain2.somedomain.com, etc. for each domain that is on your servers.
> Then, require people to connect to https://domain1.somedomain.com/ for
> SSL-based stuff.  Note that this is one option that I'm not quite sure
> about the setup for since Craig (my web host provider) is starting to
> experiment with it.  Generating the certs. for this was based on the RFC
> for HTTPS.  I'm crossing my fingers that it will work and the browser will
> like it (i.e. assumes the browser is 100% HTTPS-compliant).
>
> 2)  Get certs. for www.somedomain.com (somedomain.com is your own domain
> still) and require your users to point to
> https://www.somedomain.com/domain1root/ for SSL-based access.  This only
> requires setting up an alias rather than a whole sub-domain.  The
> down-side is slightly more difficult scripting on the user end of things.
>
> 3)  If only one client will be using SSL, the client can purchase the
> cert. and the others can use it, but their users will get a warning in their
> browser that they don't own the cert.  Note, however, this option does not
> easily scale.
>
> >Example B: What about within a domain (aliasing SSL directories) :
> >http://www.domain1.com
> >http://www.domain1.com/cgi-bin/
> >https://www.domain1.com/cgi-bin/secure  (SSL secure path)
> >http://www.domain1.com/pages
> >
> >B1: Can SSL work in this fashion?
> >B2: Or will the whole domain be SSL referenced by: https:// ?
>
> The whole domain is covered by SSL.  All SSL/TLS does is provide a secure
> transport of data without understanding of the underlying representation
> of the data it is securing.  Hence it can't know what virtual host the
> browser is going to use since it doesn't understand that level of data
> (the HTTP
> protocol).  As I said before, if you want to really understand how SSL/TLS
> works with HTTP, you need to read the RFCs.
>
> Hope this helps!
>
>
>           Thomas J. Hruska -- shinelight@shininglightpro.com
> Shining Light Productions -- "Meeting the needs of fellow programmers"
>                   http://www.shininglightpro.com/
>
> --
> Xitami Users Mailing List -- For Xitami support
> To unsubscribe: http://lists.xitami.org/mailman/listinfo/xitami
>
>
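
Added example, not part of the original messages: a Python check of which virtual-host names a single certificate name would cover, using the conservative reading of the RFC 2818 wildcard rule (`*` only as the whole left-most label, matching exactly one label). The host names and the `cert_name_matches` / `coverage` helpers are constructed for illustration from the thread's `somedomain.com` and `domain1.com` placeholders.

```python
# Added example (not from the thread): the server presents one certificate
# before it sees the HTTP Host header, so every vhost on the shared IP must be
# covered by that certificate's names or the browser reports a mismatch.

def cert_name_matches(pattern: str, hostname: str) -> bool:
    """Conservative wildcard match: '*' only as the entire left-most label,
    matching exactly one label (RFC 2818: *.a.com matches foo.a.com but
    not bar.foo.a.com)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Refuse overly broad patterns such as "*" or "*.com".
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are rejected here
    return p_labels == h_labels


def coverage(cert_names, vhosts):
    """Map each vhost to the first certificate name that covers it, or None."""
    return {
        host: next((n for n in cert_names if cert_name_matches(n, host)), None)
        for host in vhosts
    }


# Constructed vhost list for one shared IP address.
VHOSTS = [
    "domain1.somedomain.com",      # option 1: sub-domain per customer
    "domain2.somedomain.com",
    "www.somedomain.com",          # option 2: one host, per-customer alias path
    "somedomain.com",              # bare domain: not covered by the wildcard
    "secure.domain1.somedomain.com",  # two labels deep: not covered
    "www.domain1.com",             # customer's own domain: mismatch warning
]

if __name__ == "__main__":
    for host, name in coverage(["*.somedomain.com"], VHOSTS).items():
        print(f"{host:32} {'covered by ' + name if name else 'NAME MISMATCH'}")
```

Hosts reported as a mismatch are the ones whose visitors would see the certificate warning described in option 3.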