|
Home > Archive > Apache Server configuration support > May 2007 > Alias in conf file to send users to httpS://
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Alias in conf file to send users to httpS://
|
|
|
| I have a virtual dedicated server at a hosting company where I host several
domains.
In order to get an SSL cert, it has to be for the one main account which is
mydomain.com. I have a new client that needs to have an order and credit
card page acceptance page which, of course, needs SSL. Can I add an Apache
Alias command in the conf file that would make the users of
http:domainA.com see httpS:domainA.com using the SSL cert for mydomain.com?
Something like in their vhost section:
Alias /orders https://mydomain.com
I think SSL adds to the complexity but wondered if that would work or if you
know of a work-around?
Many thanks.
| |
| shimmyshack 2007-05-08, 1:20 pm |
| On May 8, 3:40 pm, "Paul" <l...@invalid.com> wrote:
> I have a virtual dedicated server at a hosting company where I host several
> domains.
>
> In order to get an SSL cert, it has to be for the one main account which is
> mydomain.com. I have a new client that needs to have an order and credit
> card page acceptance page which, of course, needs SSL. Can I add an Apache
> Alias command in the conf file that would make the users of
> http:domainA.com see httpS:domainA.com using the SSL cert for mydomain.com?
>
> Something like in their vhost section:
> Alias /ordershttps://mydomain.com
>
> I think SSL adds to the complexity but wondered if that would work or if you
> know of a work-around?
>
> Many thanks.
> In order to get an SSL cert, it has to be for the one main account which is
> mydomain.com.
this isnt true actually. It can be for any domain. but see below, you
might be allowed this way only.
you cant use an alias in this way check the docs.
you could set up a redirect which would send your users to the https
site:
RedirectMatch ^/?orders https://mydomain.com/
if you just use the cert with a different domain name the user will
receive a warning, however it will be secure encryption, but just does
not provide identification.
When you set up SSL, visit http://www.cacert.org/ to grab
multiple certs for free.
http://wiki.cacert.org/wiki/VhostTaskForce
http://wiki.cacert.org/wiki/VhostsApache
tells you how to set it up so you can use name based vhosting and have
a cert for each servername on the same IP
whether you can do this however depends on how your hosting company
has set up your package. (I am assuming its a shared package and you
dont control the configuration of certs)
| |
|
| "shimmyshack" <matt.farey@gmail.com> wrote in message
news:1178636361.036723.168830@q75g2000hsh.googlegroups.com...
> On May 8, 3:40 pm, "Paul" <l...@invalid.com> wrote:
>
>
>
> this isnt true actually. It can be for any domain. but see below, you
> might be allowed this way only.
>
> you cant use an alias in this way check the docs.
> you could set up a redirect which would send your users to the https
> site:
> RedirectMatch ^/?orders https://mydomain.com/
>
> if you just use the cert with a different domain name the user will
> receive a warning, however it will be secure encryption, but just does
> not provide identification.
>
> When you set up SSL, visit http://www.cacert.org/ to grab
> multiple certs for free.
> http://wiki.cacert.org/wiki/VhostTaskForce
> http://wiki.cacert.org/wiki/VhostsApache
> tells you how to set it up so you can use name based vhosting and have
> a cert for each servername on the same IP
>
> whether you can do this however depends on how your hosting company
> has set up your package. (I am assuming its a shared package and you
> dont control the configuration of certs)
Shimmy - thanks. It is not shared and actually, I think I can control my
own certs. I definitely control my own conf file. I'll check that out -
many thanks!
| |
| shimmyshack 2007-05-08, 1:20 pm |
| On May 8, 5:06 pm, "Paul" <l...@invalid.com> wrote:
> "shimmyshack" <matt.fa...@gmail.com> wrote in message
>
> news:1178636361.036723.168830@q75g2000hsh.googlegroups.com...
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Shimmy - thanks. It is not shared and actually, I think I can control my
> own certs. I definitely control my own conf file. I'll check that out -
> many thanks!
its as "simple" as creating an
admin@subdomain.servername.com
for each subdomain.servername.com you have
and adding that domain to your account.
then once you have done that you select which subdomains you wish to
include on the cert and generate the CSR, and away you go from there.
create a vhost section for each subdomain.servername.com and reference
the cert, it works like a charm even on one IP address, the only
downside is that you have to verify you own the domain by setting up
an email address temporariliy. That might change though soon.
good luck. m
| |
|
| >> > When you set up SSL, visithttp://www.cacert.org/to grab[vbcol=seagreen]
Shimmy - I can't find much on whether cacert.org certificates are widely
pre-installed/accepted in brwosers or will the user receive a security
notification thus not making much difference than self-certifying.
Thanks again for you help here!
| |
| shimmyshack 2007-05-09, 1:24 pm |
| On May 9, 4:03 pm, "Paul" <l...@invalid.com> wrote:
>
>
> Shimmy - I can't find much on whether cacert.org certificates are widely
> pre-installed/accepted in brwosers or will the user receive a security
> notification thus not making much difference than self-certifying.
>
> Thanks again for you help here!
supporting them is the same as rolling your won, except we move one
stage further towards main stream browser acceptance; here's the
official response to your query (answered on the mailing list on 3rd
mar 07):
-------
Well, if you want free certs there are two options: make your own CA,
or use CAcert. If you're only going to use the certificate internally,
there is no real advantage to CAcert certificates. If you're going to
use the cert on the web or to encrypt/sign e-mail or to sign documents
and code, then using CAcert is better. Why?
Once people decide to trust CAcert, by importing the root cert, and
many people already trust cacert implicitly as you can see in the link
I sent you, they will no longer get a warning on any CAcert
certificate they run into. But more importantly, they will also be
able to trust your identity, which is great for signed e-mails,
documents and code. That is something you can never provide yourself,
unless of course you only communicate with close friends.
So of course a cert which gives no warning message is far nicer, but
CAcert is the next best thing, and a nice option for many people. In
the past I used my own CA on my servers, but decided to switch to
CAcert because it provides a higher level of trust and authentication
than I can provide myself. It also helps that I run various Linux
servers and desktops such as Debian and Gentoo, which both include
CAcert as trusted root.
Your situation may be different of course.
Greetings, Martijn
-----
the link he refers to is:
http://wiki.cacert.org/wiki/InclusionStatus
hope that helps you with your decision, personally I decided to go
with it!! 
heres the warning you get in opera, (you get the chance to press
accept - if a user reads it!)
----
- The certificate for "www.sharetvnews.com" is signed by the unknown
Certificate Authority "CA Cert Signing Authority". It is not possible
to verify that this is a valid certificate
----
|
|
|
|
|