RE: [cobalt-developers] SSL Sharing
Thanks Mark,

Your solution does work, and I have now implemented it. I had all of the
symlinks set up correctly, but did not realize that the problem was being
caused by a few configuration lines in Apache's access.conf file.

The following lines in /etc/httpd/conf/access.conf were causing the problem:

# be more restrictive within a site
<Directory /home/sites/*/>
    Options -FollowSymLinks +SymLinksIfOwnerMatch
</Directory>

I don't know if this configuration was used on the Raq2, but it is
apparently default for the 3i. Anyway, just wanted to let everyone know
there is a way to do at least this part of the sharing. Thanks for all of
the responses.

-Jason L. Youmans
-Sage Web Design

At 06:47 PM 4/16/00 -0500, you wrote:
>What does Microsoft have to do with SSL in this context?
>Raq2 doesn't have any problems sharing a Thawte cert providing
>you get the symlinks and the urls correct.
>
>https:/secure.domain.com/virtualdomain.com/secure/securefile.html
>
>works fine.
>
>> -----Original Message-----
>> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
>> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Mark Crispin
>> Sent: Sunday, April 16, 2000 5:12 PM
>> To: cobalt-developers@xxxxxxxxxxxxxxx
>> Cc: cobalt-developers@xxxxxxxxxxxxxxx
>> Subject: re: [cobalt-developers] SSL Sharing
>>
>>
>> On Sun, 16 Apr 2000 15:21:11 -0400, hostmaster@xxxxxxxxxxxxxxxxx wrote:
>> > Does anyone know how to share a single SSL certificate among the domains
>> > hosted on a RAQ3i?
>>
>> The short answer is that you can't. Each domain must have its own
>> certificate. If you're offering secure webhosting, this is a charge that
>> you'll probably want to pass on to your customer.
>>
>> The reason for this restriction -- an SSL restriction not a Cobalt one --
>> is that otherwise, a bad guy could set up a fake microsoft.com offering
>> the certificate for his legitimate blurdybloop.com.
>>
>> Actually, it's worse. Microsoft requires that each logical host must have
>> its own certificate. In other words, if you have foo.blurdybloop.com and
>> bar.blurdybloop.com, they must each have their own certificate.
>>
>> You can buy a wildcard (*.blurdybloop.com) certificate from Thawte, but
>> Microsoft won't accept these as valid because it means that an insider can
>> set up an unauthorized server that way. We're working on convincing
>> Microsoft that wildcard certificates should be accepted in spite of this;
>> that the need for wildcard certificates (University of Washington has
>> 80,000 virtual subdomains for its IMAP service!) outweighs the modest
>> risk. However, the hotfix and/or service pack for this hasn't come out yet.
>>
>>
>> _______________________________________________
>> cobalt-developers mailing list
>> cobalt-developers@xxxxxxxxxxxxxxx
>> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>>
>
>
>
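
An added example, not part of the original thread: a small Python audit that applies the ownership comparison behind `SymLinksIfOwnerMatch` (uid of the link versus uid of what it resolves to) to every symlink under a site directory, so links that the access.conf block quoted above would refuse can be listed in advance. The names `audit_symlinks` and `build_sample_tree`, and the sample directory layout, are constructed for illustration.

```python
import os
import tempfile


def audit_symlinks(root, lstat=os.lstat, stat=os.stat):
    """Classify every symlink under root the way SymLinksIfOwnerMatch would.

    Returns a sorted list of (path, verdict) where verdict is:
      "ok"             link and target are owned by the same uid
      "owner-mismatch" owners differ, so Apache refuses to follow the link
      "dangling"       the target does not exist
    lstat/stat are injectable so the comparison can be tested without root.
    """
    results = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            link_uid = lstat(path).st_uid        # owner of the link itself
            try:
                target_uid = stat(path).st_uid   # owner of what it resolves to
            except OSError:
                results.append((path, "dangling"))
                continue
            verdict = "ok" if link_uid == target_uid else "owner-mismatch"
            results.append((path, verdict))
    return sorted(results)


def build_sample_tree():
    """Constructed sample: a site directory linking to a shared secure area."""
    root = tempfile.mkdtemp(prefix="symlink-audit-")
    site = os.path.join(root, "virtualdomain.com")
    shared = os.path.join(root, "secure-host")
    os.mkdir(site)
    os.mkdir(shared)
    os.symlink(shared, os.path.join(site, "secure"))            # resolves
    os.symlink(os.path.join(root, "gone"), os.path.join(site, "old"))  # dangling
    return site


if __name__ == "__main__":
    for path, verdict in audit_symlinks(build_sample_tree()):
        print(f"{verdict:15} {path} -> {os.readlink(path)}")
```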