RE: #1:  Don't need either VHOSTing or separate machines.  Use https: and
put the content in a separate directory, adjusting the proper (Apache)
.conf - type files and chowning the directories to belong to separate groups
and with different rights profiles.  Also might be an issue with Java.  I'm
about to begin to explore this issue (Java security, jcomm, etc. and
encrypted file systems and streams in JDBC).  I'll post the scope docs as an
article to OrionSupport, when I'm done.  I believe OrionSupport might have
an article already on the simpler details of SSL/Orion, though.

RE: #2:  Go to your browser and examine the 'trusted certificates' registry.
Some of them offer CA's, depending on the business situation.  One I've
found that I like (because, like Orion, the licensing is simple, easy to
make a biz-case and use-case and doesn't cause more problems than it solves)
is EquiFAX (http://www.equifaxsecure.com).  Their single-host fee is
>USD$100 and their 'Wildcard' product is USD$500 (both per-year) for all the
servers that qualify to your domain through DNS/BIND.  VERY responsive too.
I've had sites up for clients in 18 hours (vice 36 hours - 2 months for
RSA/Thawte).  They have on-line 'try before you buy' and GREAT customer
support.  Additionally, they will begin to offer object signing this spring
and they make issuing/receiving payments VERY easy, VERY fast and VERY
complete.  I can use them for clients to enable 2-way credit card, check,
phone payment, credit checking and other services transparently under the
same annual invoice.  Nobody else comes close.  Which resembles Orion's
model, don'tcha know?  Did I say I liked them?

Mike

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of elephantwalker
> Sent: Wednesday, April 18, 2001 1:11 PM
> To: Orion-Interest
> Subject: ssl and recent posts
>
>
> Group,
>
> Calm down everybody. We all have the same interests here...we use orion, a
> great j2ee server, and we use the latest j2ee technologies. Nobody believes
> that national origin has anything to do with anything, except where we pay
> our taxes.
>
> There may have been a post by somebody, who jokingly said something or
> other...but nobody really believes that they REALLY believe that.
>
> I have two questions:
>
> 1. If you have a website with SSL, you will necessarily have different urls
> for the secure part of the site. Is it better to run the ssl on a separate
> machine, or should we use a virtual host for the separate url on the same
> machine, and let the load balancer take care of pushing the requests around?
>
> 2. So far I have only seen two places to get CA certificates for the secure
> site, Verisign and Thawte. Are there other alternatives in the states for
> strong ssl certificates?
>
> Regards,
>
> The elephantwalker
>
>

