 | View Full Version : help with certificates diyoha 07-18-2001, 10:27 AM Hello, with named hosting can each virtual server have a certificate or do all of them have to share one certificate with the IP they are sharing? thanks! David mlovick 07-18-2001, 10:36 AM Each SSL cert has to have its own IP. You can only have one ssl site per IP address in other words.:) diyoha 07-18-2001, 02:44 PM so what do people with named hosting do as far as ssl, certificates etc? thanks David mlovick 07-18-2001, 03:12 PM You have to ask your ISP for a dedicated IP for your site - then you can have your own SSL cert. ljprevo 07-18-2001, 03:20 PM As a host you could have a https://secure.yourdomain.com and get a certificate for that sub domain. Then you could issue a user account for your customers and they could have sharded space on your secure sub domain at https://secure.yourdomain.com/~jdoe/ This would save you giving them a IP and they would have SSL space, esp for lower priced hosting packages. If you are a customer, contact your host and see if they have SSL with their own certificate and see if they would give you a user account on their SSL site. mlovick 07-18-2001, 03:37 PM I aggree - this is a more standard way of doing things. And a cheap way too :liplick: diyoha 07-19-2001, 02:29 AM Thanks for the pointers. I should have given more information. I have a raq4i with rackshack. So I am in full control of the server. But with rackshack I get one IP for all my hosts (ie with named hosting) so my issue was how to provide secure service to my named hosting customers. It seems like ljprevo has the right idea. My only issue is to automate this process! I have a script that setups up a new user ie from a web page without my intervention ... is setting https://secure.yourdomain.com/~jdoe/ to point to a directory something basic to setup? Never had to do that with any of my servers ... is the above the best way to do this i.e. the industry standard as far as everyone with named hosting handles certificates? thanks David ljprevo 07-19-2001, 09:23 AM Originally posted by diyoha is setting https://secure.yourdomain.com/~jdoe/ to point to a directory something basic to setup? Never had to do that with any of my servers ... is the above the best way to do this i.e. the industry standard as far as everyone with named hosting handles certificates? [/B] I seen by your tag line your site is http://www.systware.com what you need to do, to offer shared SSL, is take a FREE IP #, if you don't have one, order a block from RackShack.net, create a sub domain, with its own IP #, example secure.systware.com I would suggest you purchase a cert from Thawte and load it on this sub domain, then if one of your users needs SSL, esp one that has say one of your "lower priced packages" then add a user to this domain name, but do not set them up as a site admin. Say for example their user name is jdoe, jdoe would have thier own site space at secure.systware.com, the url would be https://www.secure.systware.com/~jdoe When they FTP into the server with the jdoe user name they would publish their SSL in the /web folder they arrive at. Users would not have to back up to root then enter /web, they would see the root of their SSL site when they FTP in. To see a graphical directory layout of a cobalt server goto http://www.prevo.net/faqs/directory.html The user would have a different username and password to enter this area than their regular space. Every user on a Raq has their own space at sitename.com/~username I hope this helps. I am not the best at explaining things, but I sure give my best shot at it. :cartman: diyoha 07-19-2001, 09:32 AM thanks ... that explained much of the process. The concept I cannot grasp is how the user takes advantage of their new ssl area? What I mean is let us say for example they have a php application that collect credit card numbers. How would the program switch from their non secure area to the secure area while the app is running. Or let us the the full application is supposed to run on the secure server ... how would they install the script there? The other thing is how do you prevent user1 from going into user2's directory ... are the permisions automatically setup to prevent this? David ljprevo 07-19-2001, 09:37 AM One thing to remember with SSL. "Keep everything under SSL in your SSL directory" Why? Because the surfers browser will display "site contains un-secured material, would you like to continue?" I feel this would scare a visitor off, quickly. Images, scripts, everything, keep in the SSL directory. Give the user PHP and CGI with their username. This way they can run scripts in their "shared" SSL space. diyoha 07-19-2001, 10:01 AM That causes some problems in terms of data centralization. ie the database storing information in the ssl area is different than the database in the non secured area. Combining you data later could become an issue. Also how do you prevent user1 from entering user2's directory .... are there permission set the prevent this? thanks David WreckRman2 07-19-2001, 02:36 PM I just create a soft link pointing to that clients root web. Kinda same thing as giving them a folder on the SSL but it loads thier site with SSL encryption. onlysuccess 07-21-2001, 12:17 AM WreckRman2, Would you mind sharing the exact command you use during your SSH session to create the soft links for each of your clients to share your SSL certificate? This sounds like exactly what we're trying to accomplish. Thanks! Sincerely, Chris |