inline
> -----Original Message-----
> From: elephantwalker [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 18, 2001 2:11 PM
> To: Orion-Interest
> Subject: ssl and recent posts
>
>
> Group,
>
> Calm down everybody. We all have the same interests here...we
> use orion, a
> great j2ee server, and we use the latest j2ee technologies.
> Nobody believes
> that national origin has anything to do with anything, except
> where we pay
> our taxes.
>
> There may have been a post by somebody, who jokingly said something or
> other...but nobody really believes that they REALLY believe that.
>
> I have a two questions:
>
> 1. If you have a website with SSL, you will necessarily have
> different urls
> for the secure part of the site. Is it better to run the ssl
> on a separate
> machine, or should we use a virtual host for the separate url
> on the same
> machine, and let the load balancer take care pushing the
> requests around?
>
No, SSL requires a different HTTP Listener; you'll have to add a new
web-site.xml listening on port 443, and make a reference to it on
server.xml; I suggest you go to orionsupport.com and check out their HOW-TO
on the subject
> 2. So far I have only seen two places to get CA certificates
> for the secure
> site, Verisign and Tharwte. Are there other alternatives in
> the states for
> strong ssl certificates?
If you are using Internet Explorer, try Tools|Internet Options, select the
Content tab, then click on the Certificates button. It'll show you all the
Root CA certificates it trusts; I don't remember Netscape's shortcut, but it
has similar functionality (or even better; they came up with SSL in the
first place). I see GlobalSign, GTE, SecureNet, UTN, along the more familiar
ones.
>
> Regards,
>
> The elephantwalker
>
>