ok, so for single different domains, hosted virtually on one single IP address I will have to brave the SSL pop up occurring when users enter the login area for Plone. I'm only going to have it on the login areas so it's not so bad. Better than having no SSL at all on logon. There must be lots of people running Zope/Plone sites with un-secured logon areas. Really easy to hack and then change the content of the site etc.
<br><br><div><span class="gmail_quote">On 1/24/06, <b class="gmail_sendername">Slobodan Jovcic</b> <<a href="mailto:jovca@oid.ucla.edu">jovca@oid.ucla.edu</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Um, not really. In order for the wildcard cert e.g. *.mydomain.com to work, all the sites have to be on subdomains like <a href="http://site1.mydomain.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
site1.mydomain.com</a>, <a href="http://site2.mydomain.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">site2.mydomain.com</a>, etc. It doesn't matter if the sites are on virtual hosts or not. Serving the cert on anything that doesn't end with "
<a href="http://mydomain.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">mydomain.com</a>" will activate a pop-up.<div><br></div><div>For single-domain certificates, yes, you have to have each domain on a separate IP address.
</div><div><br></div><div>Jovca<div><div> <span style="border-collapse: separate; border-spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div>_________________________________</div><span class="q"><div>Slobodan Jovcic</div><div>Teaching Enhancement Center</div><div>Office of Instructional Development, UCLA</div><div>(310) 794 2099</div><div><br></div><br></span>
</span> </div><div><span class="e" id="q_108fd8866ae5e208_3"><br><div><div>On Jan 24, 2006, at 9:31 AM, michael nt milne wrote:</div><br><blockquote type="cite">ok, they're not technically subdomains but full domains in their own right but served from a single server which has its own domain. Would a wild card work with that? Would the pop-ups still be present when a user enters the site?
<br><br><div><span class="gmail_quote">On 1/24/06, <b class="gmail_sendername">Slobodan Jovcic</b> <<a href="mailto:jovca@oid.ucla.edu" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">jovca@oid.ucla.edu
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Use a wildcard certificate, if all of your subdomains on the server<br>
belong to a single domain.<br><br>> Hi<br>><br>> I've got a few Plone sites set-up using Apache through Zope. The<br>> question is, I'd like to implement SSL on the site login etc, as <br>> it's not secure without this. There's also one site I'd like to
<br>> serve completely over https. However. I'm told that you can't run<br>> SSL on virtual hosts and can only have once SSL site per IP address. <br>><br>> What would be the way round this? I know I could set-up SSL on Zope
<br>> only using the following documentation:<br>><br>> <a href="http://www.zope.org/Members/Ioan/ZopeSSL" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.zope.org/Members/Ioan/ZopeSSL
</a><br>><br>> but if I can't carry this through to Apache then I'd have to run<br>> Zope as the web server as well as the application server.<br>><br>> Thanks<br>><br>> Michael<br><br>_________________________________
<br>Slobodan Jovcic<br>Teaching Enhancement Center<br>Office of Instructional Development, UCLA<br>(310) 794 2099<br><br><br><br>_______________________________________________<br>Zope maillist - <a href="mailto:Zope@zope.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
Zope@zope.org</a><br><a href="http://mail.zope.org/mailman/listinfo/zope" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://mail.zope.org/mailman/listinfo/zope</a><br>** No cross posts or HTML encoding! **
<br>(Related lists -<br> <a href="http://mail.zope.org/mailman/listinfo/zope-announce" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> http://mail.zope.org/mailman/listinfo/zope-announce</a><br> <a href="http://mail.zope.org/mailman/listinfo/zope-dev" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://mail.zope.org/mailman/listinfo/zope-dev</a> )<br></blockquote></div><br></blockquote></div><br></span></div></div></div>
</blockquote></div><br>