
Re: [cobalt-users] SSL Setup



"Ray Healy (Data Net Services)" wrote:

> I have searched the archives but am still confused. Can anyone help?
> 
> I am aware that you can only have 1 SSL certificate per IP number on the RAQ
> 4 but I have seen bits of information whereby you can give secure access to
> all virtual sites if they require it for ecommerce.

So far so good <smile>.

> I believe that you set something up like secure.domain.com (this being the
> domain of the RAQ4) and then change some links so that all sites can use the
> same certificate without errors after buying the certificate in the name of
> secure.domain.com

I'm not sure what you're saying here.  But yes, you can set up
secure.example.com (where example.com is YOUR domain) and buy a cert for
it.  It works like any other secure cert.

> Does anyone know how to do this or can point me in the right direction or
> have I got it totally wrong.

We do it all the time <smile>.

> If this is correct, then where do you save the secure pages for the clients
> and how do they upload their files. Also how do you call the pages from
> within a web page - would it be http://secure.domain.com/user/page.htm or
> /home/sites/home/etc etc.

We don't do it with links at all; here's what we do...

We create a subdirectory under (for example)
/home/sites/secure.example.com/web/ for each domain.  For example, for
our customer with a website at "www.example2.com" we set up the
following subdirectory:

/home/sites/secure.example.com/web/example2.com/ 

Then we create a new user for example2.com, for example user "newuser". 
Then we manually edit /etc/passwd to change newuser's home directory
from:

/home/sites/www.example2.com/users/newuser

to:

/home/sites/secure.example.com/web/example2.com

Be sure that newuser is NOT set up as a site administrator.

Unless I'm forgetting something in the way of permissions (let me know
if it doesn't work) newuser should now be able to ftp into the server
and place contents at

/home/sites/secure.example.com/web/example2.com/

and everyone should be able to see it on the web at:

https://secure.example.com/example2.com/

> I really cannot get my head round this as eventually I want to set up PGP so
> that the shops can have secure pages and receive orders via a PGP encrypted
> email.
> 
> Am I wrong !!!!

The above works fine.  What you CANNOT have unless the user has his own
unshared IP# is any way for the visitor to see
"https://www.example2.com/securedirectory/" into his browser without
getting the cert error.  Not even if you use links.

> Your comments would be appreciated.

We've set this up for lots of clients.  Please let us know if you need
help in setting it up.

Jeff
-- 
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html"
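
Added example, not part of the original message: a small audit for the layout described above, checking that every account homed under the shared secure site's web root is confined to its own single subdirectory. The web root is taken from the paths in the message; the passwd lines, the extra account names and the function name are constructed for illustration, and site-administrator status is not checked here.

```python
import posixpath

# Assumption: the shared HTTPS site's web root, taken from the paths in the message.
SECURE_WEB_ROOT = "/home/sites/secure.example.com/web"

# Constructed sample in /etc/passwd format (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
newuser:x:501:100:example2.com upload:/home/sites/secure.example.com/web/example2.com:/bin/false
shopuser:x:502:100:example3.com upload:/home/sites/secure.example.com/web/example3.com:/bin/false
wideuser:x:503:100:too broad:/home/sites/secure.example.com/web:/bin/false
sneaky:x:504:100:escapes:/home/sites/secure.example.com/web/example4.com/../example2.com:/bin/false
"""


def audit_secure_homes(passwd_text, web_root=SECURE_WEB_ROOT):
    """Return {username: problem} for accounts homed under web_root that are
    not confined to their own single subdirectory of it."""
    root = posixpath.normpath(web_root)
    owners = {}    # normalized home directory -> first user seen with it
    problems = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # comment or malformed entry
        user, home = fields[0], fields[5]
        norm = posixpath.normpath(home)
        if norm != root and not norm.startswith(root + "/"):
            continue  # not homed on the shared secure site
        rel = norm[len(root):].strip("/")
        if rel == "":
            problems[user] = "home is the whole web root"
        elif "/" in rel:
            problems[user] = "home is nested below a customer directory"
        elif norm != home.rstrip("/"):
            problems[user] = "home path is not in normalized form"
        elif norm in owners:
            problems[user] = "home shared with " + owners[norm]
        else:
            owners[norm] = user
    return problems


if __name__ == "__main__":
    for user, problem in audit_secure_homes(SAMPLE_PASSWD).items():
        print(user + ": " + problem)
```

To audit a live system, pass the contents of /etc/passwd to audit_secure_homes() in place of the sample.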