hi,
how can I setup a shared ssl cert on our server so our custumer can access from their virtual sites?
thank you

You cant.

Each SSL certificate can only be run on a single site URL.

The best way is to set up a SSL on one site and then create FTP accounts (new user) for each of your clients.
e.g.
https://secure.domain.co/~user/

Maybe that you can do it like that:

1. create a certificate for your mainsite
2. edit your httpd.conf and add this line to your mainsite
AliasMatch ^/secure/([^/]+)(/(.*))? /home/sites/$1/web/$3
3. restart apache

then your customer can access the site with via ssl with:
https://www.maindomain.com/secure/www.domain.com/page.html

I am sure that would make the browser (IE or Netscape) throw up an error!

Tell me if I am wrong.

No, it should be ok, I have quickly tested on my raq3 and I don't see any problem

if you want to check it out:

my main domain: http://www.nike.host4all.net

site1 http://www.tislight.sebisoft.com
-> ssl https://www.nike.host4all.net/secure/www.tislight.sebisoft.com

I have a cert at https://secure.indywebdesign.com. I allow my customers to use my SSL but setting up a soft link and pointing it to thier root web. Example: https://secure.indywebdesign.com/americancricketranch and thier domain is http://www.americancricketranch.com.

Works for me...

Originally posted by swissmonk
No, it should be ok, I have quickly tested on my raq3 and I don't see any problem

if you want to check it out:

my main domain: http://www.nike.host4all.net

site1 http://www.tislight.sebisoft.com
-> ssl https://www.nike.host4all.net/secure/www.tislight.sebisoft.com

Nope - Sorry but this throws up a security alert in my browser. If it is for securing passwords etc I would maybe trust the site but if it is an ecommerce site asking for my CC details I would walk!:eek:

Anytime you generate your own cert it will throw an alert. You need a real cert from verisign or thawte.

You can also get a free cert from these people http://www.freessl.com/ but it is only compatible with 70% browsers unlike thawte and verisign @ 99%

ok guys, it seems the thread is interesting..
I wish to try WreckRman2's solution.
can you give me code to have that result?

this procedure right??????
"Basically i set up a virtual site called www.order-securely.co.uk and
installed a SSL cert for it.

Once that was set up i edited the httpd.conf file (back it up first!) in
the following manner:

I found the virtual site order-securely.co.uk

Found the lines:

AliasMatch ^/~([^/]+)(/(.*))? /home/sites/site3/users/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /home/sites/site3/users/$1/web/$3

Then added this line directly below them:

AliasMatch ^/secure/([^/]+)(/(.*))? /home/sites/$1/web/$3

Saved the file, restarted the web server and you can now access each
virtual site via https://www.order-securely.co.uk/secure/siteX (where X =
site number) or https://www.ordersecurely.co.uk/secure/www.theirdomain.com
"
thank you

Originally posted by mlovick
You cant.

Each SSL certificate can only be run on a single site URL.

The best way is to set up a SSL on one site and then create FTP accounts (new user) for each of your clients.
e.g.
https://secure.domain.co/~user/



It's kind of insecure. Because users can put stealing cgi and steal all files for this domain

thawte sells wildcards certs, like *.domain.com

but I havn't tested that. They're talking about a problem with IE