> we have over 300 domains/sites Then the difference would be that they all share the need of the one secure domain...I guess the way PayPal, etc., handles payments for many different sites.
I could see a setup like this working if I had 20 insurance agents using my app...I could separate the non-SSL pages by using host headers and whatever pages that involved forms and the transmission of data would be handled by pages in the secured sub-domain area. Like the subroutines I programmed back around 1982 when I was writing BASIC code on my Radio Shack Color Computer... :o) Rick -----Original Message----- From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 08, 2006 11:40 AM To: CF-Talk Subject: RE: SSL Certificates No, we have over 300 domains/sites but when they want to do a transaction - the goto secure...... -----Original Message----- From: Rick Faircloth [mailto:[EMAIL PROTECTED] Sent: 08 August 2006 16:15 To: CF-Talk Subject: RE: SSL Certificates I guess that's the difference in our scenarios...you're basically running one site (it seems) and you have secure and non-secure areas working together. I need to host multiple domains which have nothing in common and now need to be able to accommodate secure sites in the mix. Single site hosting vs multiple site hosting...seems to be where the rub is... Rick -----Original Message----- From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 08, 2006 10:23 AM To: CF-Talk Subject: RE: SSL Certificates Yes, for us it is payments. We have 3 web servers, load balanced with sticky sessions. So, when User A goes and adds up a basket in Web Server A they are always on that server for session awareness etc. Now, for each of these web servers we have a secure.blahblah.com site setup on port 443, each with a cert installed (well it is just one cert exported and imported across the range). So, when a user goes to checkout they are effectively leaving their website domain of www.foo.com and going to secure.blahblah.com - all with their session data intact. At the point they move from HTTP to SSL their traffic is encrypted at the strength allowed by the cert - so yes, all traffice is indeed encrypted at anytime while they are on https://secure.blahblah.com/ Data isn't *sent* to that domain, you are actually moving to the secure domain as part of your request. When all is done and they want to go back they switch back to www.foo.com and all is good. N ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:249207 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
