[Zope] SSL over Multiple Zope/Plone sites?
Vlada Macek
tuttle at sandbox.cz
Wed Mar 29 09:19:00 EST 2006
michael nt milne wrote:
> I'd like to implement SSL on the site login etc, as it's not secure
> without this. There's also one site I'd like to serve completely over
> https. However. I'm told that you can't run SSL on virtual hosts and
> can only have once SSL site per IP address.
To vary either IP address or port for different SSL site is a common
method and gives you the biggest advantages.
Nevetheless, you can host multiple SSL sites on single IP:port
combination, provided you share also a single certificate for them.
Apache is able to serve one cert for multiple SSL sites.
To prevent the annoying client-side dialog box saying the cert is for
different domain, your certificate must be a little special. There are 2
ways I'm aware of to manage this:
1) Wildcard certificate, issued for *.domain.com. This way the
certificate will match <anything>.domain.com, but <anything> must not
contain a dot. Also I'm not sure whether all current browsers support
this technique.
2) The subjectAltName capability as described here:
http://wiki.cacert.org/wiki/VhostsApache. Note that the CommonName must
be repeated as the first subjectAltName, since it's ignored afterwards.
I'm currently on my way to test the second way for my sites, but
preliminary tests went well.
--
\//\/\
(Sometimes credited as BA92 C339 6DD2 51F6 BACB 4C1B 5470 360E 20E5 926D.)
[ When you find a virus in mail from me, then I intended to infect you, ]
[ since I use SW that is not distributing malware w/o my knowledge. ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tuttle.vcf
Type: text/x-vcard
Size: 206 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20060329/5c8c2ddf/tuttle.vcf
More information about the Zope
mailing list