[Xitami] HELP! Upgrading to Xitami Pro
David Holm
xitami@lists.xitami.org
Fri, 21 Jun 2002 12:45:43 -0700
Actually if I remember correctly your setup would have to be like this:
CertDomain.com
CertDomain.com/Company1
CertDomain.com/Company2
CertDomain.com/Company3
Etc.
or:
www.CertDomain.com
www.CertDomain.com/Company1
www.CertDomain.com/Company2
www.CertDomain.com/Company3
As to add even a www.CertDomain.com requires a new certificate I believe.
Dave
----- Original Message -----
From: "Russel Olinger" <rolinger@airpower.net>
To: <xitami@lists.xitami.org>
Sent: Friday, June 21, 2002 12:05 PM
Subject: Re: [Xitami] HELP! Upgrading to Xitami Pro
> cool, your explanations helped alot...I think I can take it from here. At
> least I have some reference points and can start my reading/research with
> somewhat of a knowledge base. Makes it way easier to have a little
> direction.
>
> Russel
> ----- Original Message -----
> From: "Thomas J. Hruska" <shinelight@shininglightpro.com>
> To: <xitami@lists.xitami.org>
> Sent: Friday, June 21, 2002 11:33 AM
> Subject: Re: [Xitami] HELP! Upgrading to Xitami Pro
>
>
> > At 04:36 PM 6/20/2002 -0700, Russel Olinger writeth:
> > > Your bit below, about SSL and VHosting? This means that b/c I have 8
> > >domains sharing one IP address that SSL will prevent my Vhosts from
> working?
> >
> > No, VHosting will still work, the problem is that SSL won't know which
set
> > of certificates to send for the host the user wants. So, you have to do
> > one of two things for the certs:
> >
> > 1) Get certs. for *.somedomain.com (where somedomain.com is a domain
you
> > own). Then, create virtual hosts called domain1.somedomain.com,
> > domain2.somedomain.com, etc. for each domain that is on your servers.
> > Then, require people to connect to https://domain1.somedomain.com/ for
> > SSL-based stuff. Note that this is one option that I'm not quite sure
> > about the setup for since Craig (my web host provider) is starting to
> > experiment with it. Generating the certs. for this was based on the RFC
> > for HTTPS. I'm crossing my fingers that it will work and the browser
will
> > like it (i.e. assumes the browser is 100% HTTPS-compliant).
> >
> > 2) Get certs. for www.somedomain.com (somedomain.com is your own domain
> > still) and require your users to point to
> > https://www.somedomain.com/domain1root/ for SSL-based access. This only
> > requires setting up an alias rather than a whole sub-domain. The
> down-side
> > is slightly more difficult scripting on the user end of things.
> >
> > 3) If only one client will be using SSL, the client can purchase the
> cert.
> > and the others can use it, but their users will get a warning in their
> > browser that they don't own the cert. Note, however, this option does
not
> > easily scale.
> >
> > >Example B: What about within a domain (aliasing SSL directories) :
> > >http://www.domain1.com
> > >http://www.domain1.com/cgi-bin/
> > >https://www.domain1.com/cgi-bin/secure (SSL secure path)
> > >http://www.domain1.com/pages
> > >
> > >B1: Can SSL work in this fashion?
> > >B2: Or will the whole doamin be SSL referenced by: https:// ?
> >
> > The whole domain is covered by SSL. All SSL/TLS does is provide a
secure
> > transport of data without understanding of the underlying representation
> of
> > the data it is securing. Hence it can't know what virtual host the
> browser
> > is going to use since it doesn't understand that level of data (the HTTP
> > protocol). As I said before, if you want to really understand how
SSL/TLS
> > works with HTTP, you need to read the RFCs.
> >
> > Hope this helps!
> >
> >
> > Thomas J. Hruska -- shinelight@shininglightpro.com
> > Shining Light Productions -- "Meeting the needs of fellow programmers"
> > http://www.shininglightpro.com/
> >
> > --
> > Xitami Users Mailing List -- For Xitami support
> > To unsubscribe: http://lists.xitami.org/mailman/listinfo/xitami
> >
> >
>
>
> --
> Xitami Users Mailing List -- For Xitami support
> To unsubscribe: http://lists.xitami.org/mailman/listinfo/xitami
>