Jump to content

Archived

This topic is now archived and is closed to further replies.

JeffroDH

SSL Configuration

Recommended Posts

Hello all,

 

I'm rather new to the world of DNS and SSL, and have a few questions.

 

I've been told by GoDaddy that in order to have SSL for all of my subdomains, I must purchase a UCC certificate.

 

It seems to me however, that I should be able to have an SSL connection with every subdirectory via a single standard ssl. That said, I need a bit of direction on the configure.php settings. Here's what I have now:

 

define('HTTP_SERVER', 'http://www.mysite.com');
 define('HTTPS_SERVER', 'http://www.mysite.com');
 define('ENABLE_SSL', false);
 define('HTTP_COOKIE_DOMAIN', 'mysite.com');
 define('HTTPS_COOKIE_DOMAIN', 'mysite.com');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

This is allowing the site to be accessed as a folder, rather than a subdomain. The subdomain redirects here, but I'd like http://catalog.mysite.com to appear throughout my customer's visit.

 

Here's what I THINK the settings should look like.

 

define('HTTP_SERVER', 'http://catalog.mysite.com');
 define('HTTPS_SERVER', 'http://www.mysite.com');
 define('ENABLE_SSL', false);
 define('HTTP_COOKIE_DOMAIN', 'catalog.mysite.com');
 define('HTTPS_COOKIE_DOMAIN', 'mysite.com');
 define('HTTP_COOKIE_PATH', '');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

From what I can tell, this should allow unsecured visitors to see catalog.mysite.com, and have it switch to the normal site whenever an SSL connection is required. Also, I'm hoping it will allow me to secure the entire site (store included) with the standard certificate I've already got (and can't be refunded/upgraded) rather than paying for a UCC Cert. Obviously, I'll set ENABLE_SSL to true when the time comes.

 

Thanks in advance for all your help!

 

EDIT: Also a thought: If I'm able to do a mod_rewrite to make the url appear to be catalog.mysite.com and just leave the settings as they are, I'm willing to do that as well. I'm just completely at sea as far as determining how that will work with a SSL connection.

Share this post


Link to post
Share on other sites

@@JeffroDH

 

Godaddy, and many other hosting providers do NOT allow more than one SSL per IP Address. The only way to have multiple domains secured under one IP is a UCC. OR, you can find a hosting provider that offers a shared SSL.

 

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

@@DunWeb

 

I understand that. All of these subdomains are hosted under the same hosting account, and should have the same IP address. Am I mistaken?

 

In any case, I should be able to secure an infinite number of directories within a single domain, no?

 

Thanks for your quick response.

 

Jeff

Share this post


Link to post
Share on other sites

@@JeffroDH

 

No, the IP and the domain name are registered with the SSL Certificate. With a standard SSL, both must match the registration record to be valid.

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

@@DunWeb

 

After doing some more research, I've gotten some more info. Hopefully you can confirm the veracity of it:

 

The reason you can't do a mod_rewrite and display 'https://shop.domain.com' to the user and have the information actually called from 'https:/domain.com/shop' is that the certificate is verified based on what is shown to the user's browser, rather than the actual server request (or is it both?).

 

This makes sense from a security standpoint, although I'm disappointed that I couldn't do something cute with .htaccess to get around this. I suppose this issue is primarily vanity, but I think it's necessary to have a consistent, polished user experience, all the way down to the URL displayed in the browser.

Share this post


Link to post
Share on other sites

×