OK, that's really interesting. Thanks. Yes, I could just stay using SSL after the login if there's a problem with going non-SSL.

I understand the setting up the single secure domain bit linked to the IP address, but don't quite get how I would link each site's login areas to that. Basically, are you saying you would, using rewrite rules, just call http://www.plonesiteone.com/login_form - http://mysecure_domain.com/plonesiteone/login_form?

It would be the same Plone login page but just have a different URL in the address bar, a https one?

Also, would you need to use VHM, because I've got Apache virtual hosts set up without actually doing anything in Zope? As long as VHM is on it is all fine.

Thanks

Michael

On 1/24/06, David Pratt <[EMAIL PROTECTED]> wrote:
I think this should be doable for single cert with multiple domains.
Set up your existing IP with one domain (i.e. mysecure_domain.com). Get the
cert on this domain.

Set up a rewrite rule in Apache for port 443 for mysecure_domain.com.

You could use a self-signed cert to experiment. When user logs in
request login page goes to

site1 - http://domain_one.com:
You would need to make your login go to your login page
https://mysecure_domain/site1/login

site2 - http://domain_two.com:
https://mysecure_domain/site2/login

Once logged in goes to whatever you have in your vhm
http://www.domain_one.com    /site1 in vhm
http://www.domain_two.com    /site2 in vhm

in vhm you'd have:
www.domain_one.com           /site1
www.mysecure_domain/site1    /site1
www.domain_two.com           /site2
www.mysecure_domain/site2    /site2

The problem here will be the session since when you login secure and
switch back to the regular site, your ssl session will expire
automatically but you'll need to pass it to nonssl to stay alive when
you go back to nonssl. I think a solution might be to store it, go to
nonssl and then retrieve it when you do your redirect back to non-ssl. I
have not tried this yet. Alternatively you could always stay in ssl from
that point forward. Any technique from someone on this would be helpful
since I am also interested in what possibilities there might be.

This should not give you a problem with the cert because identity on
cert would match the ip. I think otherwise you are in a situation where
you will need a dedicated server setup to have one ip per site and then
you can just do a single rewrite per ip or use chained ssl if you have
sub domains that you want to tie together under a single cert over one
or more ips on one or more servers.

Regards,
David
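
The layout discussed in this thread, written out as Apache virtual hosts. This is an added example, not configuration from either poster. It assumes Zope listens on 127.0.0.1:8080 with a Virtual Host Monster in the root, that mod_ssl, mod_rewrite and mod_proxy are loaded, and that the certificate paths are placeholders; it uses the VHM URL form in the rewrite target rather than the VHM mappings tab.

```apache
# Added example. Hostnames follow the thread; backend address and
# certificate paths are assumptions.

# One certificate, one IP: the shared secure host serves every site's login
# under a per-site path prefix.
<VirtualHost *:443>
    ServerName mysecure_domain.com
    SSLEngine on
    SSLCertificateFile    /path/to/mysecure_domain.crt
    SSLCertificateKeyFile /path/to/mysecure_domain.key

    RewriteEngine On
    # https://mysecure_domain.com/site1/... -> Zope object /site1.
    # _vh_site1 makes Zope generate URLs that keep the /site1 prefix.
    RewriteRule ^/site1(/.*)?$ http://127.0.0.1:8080/VirtualHostBase/https/mysecure_domain.com:443/site1/VirtualHostRoot/_vh_site1$1 [P,L]
    RewriteRule ^/site2(/.*)?$ http://127.0.0.1:8080/VirtualHostBase/https/mysecure_domain.com:443/site2/VirtualHostRoot/_vh_site2$1 [P,L]
</VirtualHost>

# Plain-HTTP site: send the login form to the secure host, proxy the rest.
<VirtualHost *:80>
    ServerName www.domain_one.com
    RewriteEngine On
    RewriteRule ^/login_form$ https://mysecure_domain.com/site1/login_form [R=302,L]
    RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/http/www.domain_one.com:80/site1/VirtualHostRoot/$1 [P,L]
</VirtualHost>

<VirtualHost *:80>
    ServerName www.domain_two.com
    RewriteEngine On
    RewriteRule ^/login_form$ https://mysecure_domain.com/site2/login_form [R=302,L]
    RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/http/www.domain_two.com:80/site2/VirtualHostRoot/$1 [P,L]
</VirtualHost>

# Note: a cookie set by mysecure_domain.com is not sent by the browser to
# www.domain_one.com, which is the session hand-off problem raised above.
# Staying on the https host after login avoids both that and sending the
# session cookie in clear text.
```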

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )
