httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe <...@idiglobal.com>
Subject Re: SSL
Date Fri, 08 Mar 2002 15:39:09 GMT
If you have a lot of domains, you can get a wildcard certificate that will 
match  *.yoursecuresite.com.  Thawte has them for $500.  That way you could 
use domain1.yoursecuresite.com, domain2.yoursecuresite.com,  etc.   We have 
had a few customers that are concerned if they are redirected to a completly 
different domain, but most of them are ok with a subdomain on a different 
site as long as the subdomain matches the refering site. 

Joe Benson
IDI


On Friday 08 March 2002 06:58 am, you wrote:
>This won't solve your problem (sorry), but rather a suggestion for a way
>to avoid the issue.
>
>I recently worked for a company that had about 150 virtual domains (it
>seemed like every day I was renewing one domain or another . . .grr!).
>We also looked at the unfavorable option of buying a certificate for
>each domain - ouch!
>
>What we ended up doing is having one secure domain, the main domain for
>the company.  All of our other domains would handle SSL by sending the
>browser to the secure domain before the https request - in other words,
>a link to a secure form on http://www.yetanotherhost.com would point to
>a file on https://www.ourcompany.com.  This SSL server was actually a
>completely separate process from the server with all the virtual hosts
>(two instances of apache).  So if someone tried
>https://www.yetanotherhost.com , there would be nothing listening on
>port 443.
>
>Not a very graceful solution, but it does avoid the 'mismatched
>certificate' issue.
>
>--
>Pete Nelson, Web Developer
><pete.nelson@ci.stpaul.mn.us>
>http://www.ci.stpaul.mn.us/
>
>>>> erwiensamantha@netscape.net 03/07/02 09:16PM >>>
>
>Ok , next question is
>
>How bout if i try to redirect.
>If someone hit https://a.domain.com/api will redirect to
>https://secure.domain.com/api
>I already try with redirection syntax like this
><VirtualHost *>
>ServerName a.domain.com
>Redirect permanent /api https://secure.domain.com/api
>
></VirtualHost>
>
>But ..in the Client Browser i always got warning "Domain Name
>Mismatch".
>
>
>How can i pass SSL verify before the client get
>https://secure.domain.com
>
>
>wIen
>
>Vernon@b2unow.com wrote:
>>As far as I know you cannot.
>>
>>
>>-----Original Message-----
>
>From: Erwien Samantha Y <erwiensamantha@netscape.net>
>
>>To: users@httpd.apache.org
>>Date: Fri, 08 Mar 2002 08:47:15 +0700
>>Subject: Re: SSL
>>
>>>Ok .., let start from simple question first ..
>>>
>>>Can we user 1 certificate license for handle many FQDN ?
>>>
>>>the example,
>>>
>>>I have FQDN secure.domain.com that have already the license
>>>certificate.
>>>can use the same certificate for all mu FQDN like a.domain.com ,
>>>b.domain.com etc.
>>>
>>>sn4265@sbc.com wrote:
>>>>   Sounds to me like you are running 'beta.mydomain.com' as a
>
>Virtual
>
>>>>Host, and 'secure.mydomain.com' as the primary site.  My guess
>
>would
>
>>>be that
>>>
>>>>you accidentally included the directives for 'beta' in the SSL
>
>section
>
>>>of
>>>
>>>>the httpd.conf file.  Just a guess though.  I might, let me stress
>>>
>>>MIGHT, be
>>>
>>>>able to figure it out for sure by looking at your httpd.conf file.
>>>>
>>>>-----Original Message-----
>>>>From: Erwien Samantha Y [mailto:erwiensamantha@netscape.net]
>>>>Sent: Wednesday, March 06, 2002 11:04 PM
>>>>To: users@httpd.apache.org
>>>>Subject: SSL
>>>>
>>>>
>>>>
>>>>Hi ..,
>>>>
>>>>I need some advice
>>>>I have 1 domain that already certificated , u can say
>>>
>>>secure.mydomain.com .
>>>
>>>>And i have another domain beta.mydomain.com , those two domain have
>>>
>>>same
>>>
>>>>IP address.
>>>>If i type https://beta.mydomain.com it always say mismatch
>>>
>>>certification
>>>
>>>>. (this i understand
>>>>because only secure.mydomain.com that have certificate).
>>>>
>>>>Any trick for this ??
>>>>with redirection maybe ...
>>>>Please suggest me
>>>>
>>>>erwien
>>>>
>>>>
>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>The official User-To-User support forum of the Apache HTTP Server
>>>
>>>Project.
>>>
>>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>>---------------------------------------------------------------------
>>>>The official User-To-User support forum of the Apache HTTP Server
>>>
>>>Project.
>>>
>>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>--
>>>-==  HonesT Is The BesT PoLicY ==-
>>>         -----------------
>>>
>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP Server
>>>Project.
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server
>
>Project.
>
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message