hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : CNAME & SSL
Reply

Forum Jump

CNAME & SSL

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 12-12-2008, 06:27 PM
LukeSc LukeSc is offline
Newbie
 
Join Date: Feb 2008
Posts: 11
CNAME



Sponsored Links
  #2  
Old 12-12-2008, 08:08 PM
plumsauce plumsauce is offline
******* Unleaded
 
Join Date: Feb 2004
Posts: 3,806
The solution that we have done for some sites is as follows:
1. setup a wildcard dns entry so that anything.example.com is resolved to your server.
2. use a wildcard ssl cert from rapidssl, obtainable from servertastic for about $200.
Your clients can then use something like theirdomain.example.com as the link target, and your server will behave properly without popping ssl warnings.
By using a wildcard dns entry, you have exactly zero maintenance to worry about.





__________________█ server uptime monitor and alert service - basicstate.com█ MSNBC.COM - Site of the Week█ managed dns global failover and load balance - edgedirector.com

  #3  
Old 12-12-2008, 10:21 PM
LukeSc LukeSc is offline
Newbie
 
Join Date: Feb 2008
Posts: 11
Maybe I'm not understanding you correctly, but doesn't wild card ssl certificates still only function for one domain name? Which means it would only work for them.ourdomain.com, not theirdomain.com.
We would like them to be able to secure their own domain, not a sub domain of ours already secured.
I'm pretty sure there isn't a wildcard ssl certificate that works for all root level domains... but if there is I'd like to know about it.
It seems that I will have to install a ssl certificate (unless there are other options) for additional root domains. I just don't want to have to do it myself through cpanel... I'd rather them do it themselves through our PHP-powered website.

Sponsored Links
  #4  
Old 12-13-2008, 04:58 AM
cristibighea cristibighea is offline
Custom Hosting Master
 
Join Date: Jan 2007
Posts: 2,602
If you want them to do it themselves you might need to develop a plugin for cPanel so they can create it by interacting with that plugin through your PHP powered site. Not 100% sure if this is possible, so you might want to research it.





__________________478east
Custom Hosting Solutions
Complex Content Delivery

  #5  
Old 12-13-2008, 09:42 PM
webenthusiast webenthusiast is offline
Junior Guru Wannabe
 
Join Date: Jul 2008
Location: Calgary
Posts: 45
You would not be able to accomplish this through url forwarding/cname as cnames cannot be in the https format
i.e: www.clientdomain.com cannot show up as https://www.clientdomain.com unless that site has a dedicated i.p. and an ssl cert issued to that specific domain. One way around this would be to setup a wild card cert with a white labelled name, like *.securesite.com so when a user of your client's site is taken from www.clientdomain.com to https://clientdomain.securesite.com it looks more official. Either you or your client would just change all links to secure pages to use that format. Conversely all links away from the secure pages would go back to http://www.clientdomain.com which is being forwarded to yourcompanywebsite.com/clientname/index.html. If your clients wanted an ssl for their actual domain, it is pretty easy for them to install from a cPanel account themselves or you could charge fee. You can also set up a shared SSL certificate in the format of https://sharedssldomain.com/~username
but in that case, they would have to have an account on your server and not just be using urlforwarding or urlframing





__________________Excitahost.com "We make it so simple you can get excited about hosting"Webhosting, Domain Name Registration, SSL CertificatesExciting Backup Solutions "One less thing to worry about"

  #6  
Old 12-13-2008, 10:10 PM
foobic foobic is online now
Community Liaison 2.0
 
Join Date: Feb 2005
Location: Australia
Posts: 5,549
Quote:



Originally Posted by LukeSc


So my question is: what options do I have available to me?


The one suggested by plumsauce is most common and probably best. Otherwise they will need their own certificate in order to use their own domain name.
Quote:


Is there some kind of "wildcard" certificate that does any domain (not just one)?


No - that would defeat the object of SSL certificates.
Quote:


Is there any way I can allow them to install their own certificate through our site for their domain?


This really depends on the control panel. DirectAdmin allows users to set up their own certificates. I thought cPanel didn't, but it does now seem to have this in the SSL/TLS Manager section. However the user will also need a dedicated IP address which you'll need to assign, unless you automatically give one to each user on sign-up.
Edit: One other consideration here - setting up a certificate requires some technical expertise. If your average user doesn't have it then asking them to do it themselves might actually give you more work (answering support requests) than just doing it for them...
Quote:


Any way to have PHP handle all the SSL stuff instead of apache?


I may be wrong but I'm pretty sure the answer to that one is also... No.
Good luck!





__________________
Chris <ClonePanel>
"Not everything that can be counted counts, and not everything that counts can be counted" - Albert Einstein






Last edited by foobic : 12-13-2008 at 09:15 PM.

  #7  
Old 12-13-2008, 10:32 PM
Red Squirrel Red Squirrel is offline
Web Hosting Master
 
Join Date: Feb 2008
Posts: 807
afaik you can only have one SSL per hostname/IP. So what you need to do is have a dedicated IP for each SSL site, you'd probably want to charge extra for SSL.
I've never worked with wildcard ones though. Even with self signed, you can't have more then one cert per IP, though I suppose that would not be an issue if you get a wild card one.





__________________http://www.uovalor.com/ :: UO serverhttp://www.serverweave.com/ :: Server Control Panel - In Progress...

  #8  
Old 12-15-2008, 02:50 PM
LukeSc LukeSc is offline
Newbie
 
Join Date: Feb 2008
Posts: 11
Isn't the requirement for having a dedicated IP only a cPanel requirement? I thought through other control panels like plesk you could have multiple SSL certs per IP and the requirement is only unique root host names. I do believe you can have multiple certs per IP for more than one root host name on cPanel, you just have to do it manually.
It does seem having cPanel for this site on the server is causing somewhat of a problem though. I might be better off managing all the stuff I need myself. EIther that, or creating a cPanel plugin.
When I asked about PHP handling SSL... It is possible to direct HTTP traffic through port 443 if you set up the virtual host to do that... It just isn't SSL secured, and would be HTTP. So if you tried https on the browser, it wouldn't be getting the proper request... But I'm wondering if it's possible to do that, why not have PHP send/recieve the proper ssl requests. There are a number of openssl functions available to PHP. I know that with GZIP I've implemented a solution without using apache's gzip solution, so that it works on any web server... I'm wondering if something similar is possible?

  #9  
Old 12-15-2008, 07:10 PM
foobic foobic is online now
Community Liaison 2.0
 
Join Date: Feb 2005
Location: Australia
Posts: 5,549
The limitation to one IP address doesn't come from cPanel, it's the nature of SSL. The server's identity needs to be established during the connection phase, before the server knows which domain the client is requesting. So having multiple domains on name-based virtual hosting with SSL simply can't work (at least not without certificate warnings about mismatched domains).http://en.wikipedia.org/wiki/Transport_Layer_Security
It looks like developments in SSL/TLS will make IP address sharing possible in future but it's not something you're going to be able to do in PHP, or even by hacking Apache.
One other thought FWIW: you could use the same IP address but a different port for each client...





__________________
Chris <ClonePanel>
"Not everything that can be counted counts, and not everything that counts can be counted" - Albert Einstein

  #10  
Old 12-15-2008, 10:23 PM
LukeSc LukeSc is offline
Newbie
 
Join Date: Feb 2008
Posts: 11
I'm pretty sure that you can, if you set an A record on the domain rather than the CNAME. I believe apache sees domain2.com as domain1.com when domain2.com is CNAME'd to domain1.com. The SSL certificate is specified in the virtual host. If you use an A record instead, the virtual host for domain1.com will not match against domain2.com. So it may not be a limitation in cPanel, but rather how Apache works.
If I were able to bypass Apache's SSL engine and allow PHP to handle SSL communications, I could load the appropriate SSL certificate through OpenSSL functions in PHP. Trouble is apache may filter out certain request headers. Would take some investigating to see if I could get that to work. Was wondering if anyone else had done anything similar.

Reply

Related posts from TheWhir.com
Title Type Date Posted


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?