> The name of the server isn't really important, as long as you've > > a) configured your webserver properly > b) all the documents you want secure are not accesible via the insecure > site
correct. > It's common sense to have a different name, so that folks don't remove the > S in https and still be accessing the www server If you configure it properly this is a non-issue. The following apache config will take care of it. Your "secure" site files are in a different location than the normal sites files. <VirtualHost 1.2.3.4:80> SSLDisable ServerName www.4cheapdomains.net DocumentRoot /path/to/normal/web/site </VirtualHost> <VirtualHost 1.2.3.4:443> SSLEnable ServerName www.4cheapdomains.net DocumentRoot /path/to/secure/web/site </VirtualHost> > It will work, but it's also not the easiest to maintain (having to force > SSL while using certain files/directories is doable, but not as easy as > having a seperate hostname). The above configuration works exactly the same way whether you use a separate hostname or not. Maintenance is neither harder nor easier with either configuration. > With the other hostname (however) you will > also require a seperate IP address (you cannot do name based > VirtualHosting and SSL at the same time) This is not true. We do it all the time. What you really mean Chuck is that you cannot use two different SSL certificates with one IP address. This is not an issue in the case under discussion. Regards, Bill
