Ok, that's really interesting. Thanks. Yes I could just stay using SSL after the login if there's a problem with going non-ssl<br><br>I understand the setting up the single secure domain bit linked to the IP address but don't quite get how I would link each site's login areas to that? Basically are you saying you would, using re-write rules, just call
<a href="http://www.plonesiteone.com/login_form">http://www.plonesiteone.com/login_form</a> - <a href="http://mysecure_domain.com/plonesiteone/login_form">http://mysecure_domain.com/plonesiteone/login_form</a> ?<br><br>It would be the same Plone login page but just have a different URL in the address bar, a https one?
<br><br>Also would you need to use VHM because I've got Apache virtual hosts set-up without actually doing anything in Zope. As long as VHM is on it is all fine.<br><br>Thanks<br><br>Michael<br><br><div><span class="gmail_quote">
On 1/24/06, <b class="gmail_sendername">David Pratt</b> <<a href="mailto:fairwinds@eastlink.ca">fairwinds@eastlink.ca</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I think this should be doable for single cert with multiple domains.<br>Setup you exising ip with one domain (ie. mysecure_domain.com). Get the<br>cert on this domain.<br><br>Setup a rewrite rule in apache for port 443 for mysecure_domain.com
<br><br>You could use a self signed cert to experiment. When user logs in<br>request login page goes to<br><br>site1 - <a href="http://domain_one.com">http://domain_one.com</a>:<br>You would need to make your login go to you login page
<br><a href="https://mysecure_domain/site1/login">https://mysecure_domain/site1/login</a><br><br>site2 - <a href="http://domain_two.com">http://domain_two.com</a>:<br><a href="https://mysecure_domain/site2/login">https://mysecure_domain/site2/login
</a><br><br>Once logged in goes to whatever you have in your vhm<br><a href="http://www.domain_one.com">http://www.domain_one.com</a> /site1 in vhm<br><a href="http://www.domain_two.com">http://www.domain_two.com</a> /site2 in vhm
<br><br>in vhm you'd have:<br>www.domain_one.com /site1<br>www.mysecure_domain/site1 /site1<br>www.domain_two.com /site2<br>www.mysecure_domain/site2 /site2<br><br>The problem here will be the session since when you login secure and
<br>switch back to the regular site, your ssl session will expire<br>automatically but you'll need to pass it to nonssl to stay alive when<br>you go back to nonssl. I think a solution might be to store it, go to<br>nonssl and then retreive it when you do your redirect back to non-ssl. I
<br>have not tried this yet. Alternatively you could always stay in ssl from<br>that point forward. Any technique from someone on this would be helpful<br>since I am also interested in what possibilities there might be.<br>
<br>This should not give you a problem with the cert because identity on<br>cert would match the ip. I think otherwise you are in a situation where<br>you will need a dedicated server setup to have one ip per site and then
<br>you can just do a single rewrite per ip or use chained ssl if you have<br>sub domains that you want to tie together under a single cert over one<br>or more ips on one or more servers.<br><br>Regards,<br>David<br></blockquote>
</div><br>