Re: [Zope] SSL over Multiple Zope/Plone sites?

Tue, 24 Jan 2006 10:06:12 -0800

ok, so for single different domains, hosted virtually on one single IP address I will have to brave the SSL pop up occurring when users enter the login area for Plone. I'm only going to have it on the login areas so it's not so bad. Better than having no SSL at all on logon. There must be lots of people running Zope/Plone sites with un-secured logon areas. Really easy to hack and then change the content of the site etc.

On 1/24/06, Slobodan Jovcic <[EMAIL PROTECTED]> wrote:
Um, not really. In order for the wildcard cert e.g. *.mydomain.com to work, all the sites have to be on subdomains like site1.mydomain.com, site2.mydomain.com, etc. It doesn't matter if the sites are on virtual hosts or not. Serving the cert on anything that doesn't end with " mydomain.com" will activate a pop-up.

For single-domain certificates, yes, you have to have each domain on a separate IP address.

Jovca
_________________________________
Slobodan Jovcic
Teaching Enhancement Center
Office of Instructional Development, UCLA
(310) 794 2099

On Jan 24, 2006, at 9:31 AM, michael nt milne wrote:

ok, they're not technically subdomains but full domains in their own right but served from a single server which has its own domain. Would a wild card work with that? Would the pop-ups still be present when a user enters the site?

On 1/24/06, Slobodan Jovcic <[EMAIL PROTECTED] > wrote:
Use a wildcard certificate, if all of your subdomains on the server
belong to a single domain.

> Hi
>
> I've got a few Plone sites set-up using Apache through Zope. The
> question is, I'd like to implement SSL on the site login etc, as
> it's not secure without this. There's also one site I'd like to
> serve completely over https. However. I'm told that you can't run
> SSL on virtual hosts and can only have once SSL site per IP address.
>
> What would be the way round this? I know I could set-up SSL on Zope
> only using the following documentation:
>
> http://www.zope.org/Members/Ioan/ZopeSSL
>
> but if I can't carry this through to Apache then I'd have to run
> Zope as the web server as well as the application server.
>
> Thanks
>
> Michael

_________________________________
Slobodan Jovcic
Teaching Enhancement Center
Office of Instructional Development, UCLA
(310) 794 2099



_______________________________________________
Zope maillist  -   Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )



_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to