On 24 Jan 2006, at 14:30, michael nt milne wrote:

Hi

I've got a few Plone sites set-up using Apache through Zope. The question is, I'd like to implement SSL on the site login etc, as it's not secure without this. There's also one site I'd like to serve completely over https. However. I'm told that you can't run SSL on virtual hosts and can only have once SSL site per IP address.

What would be the way round this? I know I could set-up SSL on Zope only using the following documentation:

http://www.zope.org/Members/Ioan/ZopeSSL

but if I can't carry this through to Apache then I'd have to run Zope as the web server as well as the application server.

You can run SSL on virtual hosts, but Apache cannot present different server certificates to the browser based on virtual hosts. So every virtual host with a hostname that does not match the certificate Apache presents on the IP will produce nasty popup boxes on clients. To prevent those warnings you *must* use separate IPs for every SSL- secured hostname you plan on serving, so the statement "one SSL site per IP" is basically correct.

I don't know if making Zope serve out SSL directly helps that (I doubt it) because I wouldn't consider using it.

jens

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to