[Zope] SSL over Multiple Zope/Plone sites?
Jens Vagelpohl
jens at dataflake.org
Tue Jan 24 09:53:17 EST 2006
On 24 Jan 2006, at 14:30, michael nt milne wrote:
> Hi
>
> I've got a few Plone sites set-up using Apache through Zope. The
> question is, I'd like to implement SSL on the site login etc, as
> it's not secure without this. There's also one site I'd like to
> serve completely over https. However. I'm told that you can't run
> SSL on virtual hosts and can only have once SSL site per IP address.
>
> What would be the way round this? I know I could set-up SSL on Zope
> only using the following documentation:
>
> http://www.zope.org/Members/Ioan/ZopeSSL
>
> but if I can't carry this through to Apache then I'd have to run
> Zope as the web server as well as the application server.
You can run SSL on virtual hosts, but Apache cannot present different
server certificates to the browser based on virtual hosts. So every
virtual host with a hostname that does not match the certificate
Apache presents on the IP will produce nasty popup boxes on clients.
To prevent those warnings you *must* use separate IPs for every SSL-
secured hostname you plan on serving, so the statement "one SSL site
per IP" is basically correct.
I don't know if making Zope serve out SSL directly helps that (I
doubt it) because I wouldn't consider using it.
jens
More information about the Zope
mailing list