SitePoint Sponsor

User Tag List

Results 1 to 6 of 6

Thread: SSL question

  1. #1
    SitePoint Enthusiast abrodski's Avatar
    Join Date
    May 2010
    Location
    Moscow, RU
    Posts
    37
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    SSL question

    I have a website hosted on a regular hosting with my own IP and I purchased COMODO SSL for a year via my hosting provider. I have a primary domain and couple of add-on domains. Add-on domains are completely different domains residing in separate folders of my primary domain (kinda like sub-directories).

    I don't really need SSL all that bad. I would probably use PayPal which has its own secured interface for credit card online transactions. BUT...what I do need is to be able to login securely into my Joomla backends where I enter my admin credentials. Obviously, SSL that I have is connected to my primary domain (hoster doesn't provide SSL for add-ons anyway). The good news is that I'm somehow being able to
    use SSL on my add-ons' backends. I force SSL in Joomla configuration for a backend of Joomla and it seems to be working fine. The only thing is...browsers show me a warning messages that I simply ignore since I know what it's about. The warning is because the certificate was issued for a different domain (ie. my primary one only).

    The question is...anyone can explain it and do you think SSL would work fine for ALL of the domains (one primary and 2 add-ons)?

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,671
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    abrodski,

    I have done the same thing (for a different reason, obviously) as I offer to share my SSL with my website clients. Since they, too, are in cPanel Addon domains, their clients can access via https://MyDomain/AddonDirectory/SecurePage(s). That does not generate a warning although it does display my domain as the SSL's owner but it does allow the clients' secure page(s) to be secure (under my SSL). It's worked fine for many years.

    What I perceive that you've done is simply force an https:// protocol on client pages which, while providing an encrypted link (I hope it does that), browsers dutifully report a non-secure (not validated by an SA) situation. It's as if you've "self-signed" a certificate for your clients.

    IMHO, if they need an SSL, charge them for it and do it properly.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Enthusiast abrodski's Avatar
    Join Date
    May 2010
    Location
    Moscow, RU
    Posts
    37
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for your reply!
    SA? You probably meant - CA...
    Well, for a client I won't do that, of course! Those add-ons are just my own other sites.
    I could do what you proposed, but I kinda prefer to see a correct domain as opposed to primary/add-on/secure pages.
    As a matter of fact, just for a login I'm considering a FREE option of private self-signed cert.
    Would save me 50$ a year...

  4. #4
    SitePoint Enthusiast MilesWeb's Avatar
    Join Date
    May 2012
    Posts
    47
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Most of the hosting providers offer shared SSL on their hosting packages. With Shared SSL, the URL may look something like this:

    https: // secure.yourhost.com/~username/

    Its a good alternative to secure your addon domains.

    Quote Originally Posted by abrodski View Post
    Thanks for your reply!
    SA? You probably meant - CA...
    Well, for a client I won't do that, of course! Those add-ons are just my own other sites.
    I could do what you proposed, but I kinda prefer to see a correct domain as opposed to primary/add-on/secure pages.
    As a matter of fact, just for a login I'm considering a FREE option of private self-signed cert.
    Would save me 50$ a year...
    Last edited by TechnoBear; Sep 24, 2012 at 12:13. Reason: Example URL delinkified

  5. #5
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,671
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    abrodski,

    Quote Originally Posted by abrodski View Post
    Thanks for your reply!
    SA? You probably meant - CA...

    Yes, chalk that one up to a brainfart.

    Well, for a client I won't do that, of course! Those add-ons are just my own other sites.


    I could do what you proposed, but I kinda prefer to see a correct domain as opposed to primary/add-on/secure pages.
    As a matter of fact, just for a login I'm considering a FREE option of private self-signed cert.
    Would save me 50$ a year...

    If all you want is encryption, you're correct, a self-signed cert is all you need. OTHER visitors would be upset at that but, if it's only for your peace of mind, you're expecting it so it won't matter.
    MG,

    Quote Originally Posted by MilesGeek View Post
    Most of the hosting providers offer shared SSL on their hosting packages. With Shared SSL, the URL may look something like this:

    I would hope that's true today but it hasn't been (from my searches) for some time. Your "link" below, under my scenario, would be correct but I prefer the one I showed above.

    https: // secure.yourhost.com/~username/

    Its a good alternative to secure your addon domains.
    Good thread!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  6. #6
    SitePoint Member
    Join Date
    Feb 2010
    Location
    Newark, DE, USA
    Posts
    14
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The importance of sub-domains cannot be ignorable. The SSL certificate is attached to the server and qualified domain name (FQDN) of the website. You must need one certificate per FQDN that you are searching to secure. If the certificate’s common name and the FQDN on your website do not correspond, users will get an error message. In this case you website should secure with wildcard certificate which will secure your primary domain including all sub-domains.
    Secure Unlimited Sub-Domains
    with Wildcard SSL from ClickSSL.com
    Trusted SSL Certificate Provider


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •