HiI've got a few Plone sites set-up using Apache through Zope. The question is, I'd like to implement SSL on the site login etc, as it's not secure without this. There's also one site I'd like to serve completely over https. However. I'm told that you can't run SSL on virtual hosts and can only hav
On 24 Jan 2006, at 14:30, michael nt milne wrote:
Hi
I've got a few Plone sites set-up using Apache through Zope. The
question is, I'd like to implement SSL on the site login etc, as
it's not secure without this. There's also one site I'd like to
serve completely over https. However. I'm
michael nt milne schrieb:
Hi
I've got a few Plone sites set-up using Apache through Zope. The
question is, I'd like to implement SSL on the site login etc, as it's
not secure without this. There's also one site I'd like to serve
completely over https. However. I'm told that you can't run SSL
Jens Vagelpohl schrieb:
...
I don't know if making Zope serve out SSL directly helps that (I doubt
it) because I wouldn't consider using it.
No, it does not. You only add the hassle to deal with nasty zope patches
to the scene. Only IP per ssl-host helps :-)
Regards
Tino
__
On 24 Jan 2006, at 14:59, Tino Wildenhain wrote:
Jens Vagelpohl schrieb:
...
I don't know if making Zope serve out SSL directly helps that (I
doubt it) because I wouldn't consider using it.
No, it does not. You only add the hassle to deal with nasty zope
patches
to the scene. Only IP pe
On 24 Jan 2006, at 15:12, michael nt milne wrote:
Ok, thanks. The annoying thing is that I am renting a virtual
dedicated server which allows multiple domain names obviously but
not multiple IP addresses. Or it probably costs more for that. Do
you reckon SSL will ever be available for virt
Ok, thanks. The annoying thing is that I am renting a virtual dedicated server which allows multiple domain names obviously but not multiple IP addresses. Or it probably costs more for that. Do you reckon SSL will ever be available for virtual single IP based hosts?
On 1/24/06, Jens Vagelpohl <[EMA
michael nt milne schrieb:
Ok, thanks. The annoying thing is that I am renting a virtual dedicated
server which allows multiple domain names obviously but not multiple IP
addresses. Or it probably costs more for that. Do you reckon SSL will
ever be available for virtual single IP based hosts?
I guess though that the pop-up for the certificate only happens once for each client when they enter the site? On 1/24/06, Jens Vagelpohl <
[EMAIL PROTECTED]> wrote:On 24 Jan 2006, at 15:12, michael nt milne wrote:
> Ok, thanks. The annoying thing is that I am renting a virtual> dedicated server wh
On 24 Jan 2006, at 15:46, michael nt milne wrote:
On 1/24/06, Jens Vagelpohl < [EMAIL PROTECTED]> wrote:
On 24 Jan 2006, at 15:12, michael nt milne wrote:
> Ok, thanks. The annoying thing is that I am renting a virtual
> dedicated server which allows multiple domain names obviously but
> not m
Use a wildcard certificate, if all of your subdomains on the server
belong to a single domain.
Hi
I've got a few Plone sites set-up using Apache through Zope. The
question is, I'd like to implement SSL on the site login etc, as
it's not secure without this. There's also one site I'd like
ok, they're not technically subdomains but full domains in their own right but served from a single server which has its own domain. Would a wild card work with that? Would the pop-ups still be present when a user enters the site?
On 1/24/06, Slobodan Jovcic <[EMAIL PROTECTED]> wrote:
Use a wildcar
On 24 Jan 2006, at 17:31, michael nt milne wrote:
ok, they're not technically subdomains but full domains in their
own right but served from a single server which has its own domain.
Would a wild card work with that? Would the pop-ups still be
present when a user enters the site?
This wi
Um, not really. In order for the wildcard cert e.g. *.mydomain.com to work, all the sites have to be on subdomains like site1.mydomain.com, site2.mydomain.com, etc. It doesn't matter if the sites are on virtual hosts or not. Serving the cert on anything that doesn't end with "mydomain.com" will act
ok, so for single different domains, hosted virtually on one single IP address I will have to brave the SSL pop up occurring when users enter the login area for Plone. I'm only going to have it on the login areas so it's not so bad. Better than having no SSL at all on logon. There must be lots of p
I think this should be doable for single cert with multiple domains.
Setup you exising ip with one domain (ie. mysecure_domain.com). Get the
cert on this domain.
Setup a rewrite rule in apache for port 443 for mysecure_domain.com
You could use a self signed cert to experiment. When user logs i
On 24 Jan 2006, at 18:10, David Pratt wrote:
I think this should be doable for single cert with multiple
domains. Setup you exising ip with one domain (ie.
mysecure_domain.com). Get the cert on this domain.
Have you tested this? The authentication machinery uses cookies, and
the browse
Ok, that's really interesting. Thanks. Yes I could just stay using SSL after the login if there's a problem with going non-sslI understand the setting up the single secure domain bit linked to the IP address but don't quite get how I would link each site's login areas to that? Basically are you say
Hi Jens. I tried something similar to this about a year ago as an
experiment. I think the problem I had at the time with with session
expiring and I was thinking about storing the session data in the
database and retrieving it back when user went back to non-ssl. This was
a while ago and I did
Hi Michael. First you need a way to get to the root of your site two
different ways. First is using the domain you have your ssl on and the
other for your other domain name(s)
www.domain_one.com /site1
www.mysecure_domain.com/site1/site1
If you have apache proxy then you can
Michael. I found a bookmark for something that might help. I remember
this person had written a bit of a howto on some of this for Plone. His
name was Eric Vought and his howto was SSL redirect around March of last
year. His document which is now an orphan was at:
http://www.diversityink.com/d
You can have one HTTPS/SSL per IP per port.
I use Pound instead of Apache, and can run an instance for each port.
I use HTTPS on port 444, and 445 for testing/staging arrangements that
match the production HTTPS on 443. I can set up a self-signed or 3rd
party certificate for each port, and th
er
Pound can be found at http://www.apsis.ch/pound
-Jon
Jonathan Cyr wrote:
You can
have one HTTPS/SSL per IP per port.
I use Pound instead of Apache, and can run an instance for each port.
I use HTTPS on port 444, and 445 for testing/staging arrangements that
match the produ
On 1/24/06, michael nt milne <[EMAIL PROTECTED]> wrote:
> Ok, thanks. The annoying thing is that I am renting a virtual dedicated
> server which allows multiple domain names obviously but not multiple IP
> addresses. Or it probably costs more for that. Do you reckon SSL will ever
> be available for
Jeff Donsbach schrieb:
On 1/24/06, michael nt milne <[EMAIL PROTECTED]> wrote:
Ok, thanks. The annoying thing is that I am renting a virtual dedicated
server which allows multiple domain names obviously but not multiple IP
addresses. Or it probably costs more for that. Do you reckon SSL will ev
"David Pratt -Hi Michael. First you need a way to get to the root of
your site two
different ways. First is using the domain you have your ssl on and the
other for your other domain name(s)"
Thanks for that David. I will try out what you say.Hopefully it will
work because not being able to do mult
Jens Vagelpohl wrote:
On 24 Jan 2006, at 18:10, David Pratt wrote:
Have you tested this? The authentication machinery uses cookies, and
the browser will not send cookies that were set by the secure login
host to the unsecured sites.
...only if the secure bit of the cookie is set ;-)
Chris
On 25 Jan 2006, at 14:26, Chris Withers wrote:
Jens Vagelpohl wrote:
On 24 Jan 2006, at 18:10, David Pratt wrote:
Have you tested this? The authentication machinery uses cookies,
and the browser will not send cookies that were set by the secure
login host to the unsecured sites.
...onl
On 1/24/06, michael nt milne <[EMAIL PROTECTED]> wrote:
> Ok, thanks. The annoying thing is that I am renting a virtual dedicated
> server which allows multiple domain names obviously but not multiple IP
> addresses. Or it probably costs more for that. Do you reckon SSL will ever
> be available for
Hi
The virtual hosts are all served from the same server but they don't
actually share the same domain. They have different domain names but
are served from the same IP.
I'm going to try David Pratt's method above to set up a
mysecure.domain.com and then use Apache to re-write in and out of the
l
Jens Vagelpohl wrote:
...only if the secure bit of the cookie is set ;-)
This is about different hostnames, remember?
Well, in that case https has nothing to do with it ;-)
cookies for one domain never get sent to another, unless you're using IE
or something ;-)
Chris
--
Simplistix - C
michael nt milne wrote:
> I'd like to implement SSL on the site login etc, as it's not secure
> without this. There's also one site I'd like to serve completely over
> https. However. I'm told that you can't run SSL on virtual hosts and
> can only have once SSL site per IP address.
To vary either
32 matches
Mail list logo