Alias in conf file to send users to httpS://

08/05/2007, 15h40

I have a virtual dedicated server at a hosting company where I host several
domains.

In order to get an SSL cert, it has to be for the one main account which is
mydomain.com. I have a new client that needs to have an order and credit
card page acceptance page which, of course, needs SSL. Can I add an Apache
Alias command in the conf file that would make the users of
http:domainA.com see httpS:domainA.com using the SSL cert for mydomain.com?

Something like in their vhost section:
Alias /orders https://mydomain.com

I think SSL adds to the complexity but wondered if that would work or if you
know of a work-around?

Many thanks.

08/05/2007, 15h59

On May 8, 3:40 pm, "Paul" <l...@invalid.com> wrote:
> I have a virtual dedicated server at a hosting company where I host several
> domains.
>
> In order to get an SSL cert, it has to be for the one main account which is
> mydomain.com. I have a new client that needs to have an order and credit
> card page acceptance page which, of course, needs SSL. Can I add an Apache
> Alias command in the conf file that would make the users of
> http:domainA.com see httpS:domainA.com using the SSL cert for mydomain.com?
>
> Something like in their vhost section:
> Alias /ordershttps://mydomain.com
>
> I think SSL adds to the complexity but wondered if that would work or if you
> know of a work-around?
>
> Many thanks.

> In order to get an SSL cert, it has to be for the one main account which is
> mydomain.com.

this isnt true actually. It can be for any domain. but see below, you
might be allowed this way only.

you cant use an alias in this way check the docs.
you could set up a redirect which would send your users to the https
site:
RedirectMatch ^/?orders https://mydomain.com/

if you just use the cert with a different domain name the user will
receive a warning, however it will be secure encryption, but just does
not provide identification.

When you set up SSL, visit http://www.cacert.org/ to grab
multiple certs for free.
http://wiki.cacert.org/wiki/VhostTaskForce
http://wiki.cacert.org/wiki/VhostsApache
tells you how to set it up so you can use name based vhosting and have
a cert for each servername on the same IP

whether you can do this however depends on how your hosting company
has set up your package. (I am assuming its a shared package and you
dont control the configuration of certs)

08/05/2007, 17h06

"shimmyshack" <matt.farey@gmail.com> wrote in message
news:1178636361.036723.168830@q75g2000hsh.googlegr oups.com...
> On May 8, 3:40 pm, "Paul" <l...@invalid.com> wrote:
>> I have a virtual dedicated server at a hosting company where I host
>> several
>> domains.
>>
>> In order to get an SSL cert, it has to be for the one main account which
>> is
>> mydomain.com. I have a new client that needs to have an order and credit
>> card page acceptance page which, of course, needs SSL. Can I add an
>> Apache
>> Alias command in the conf file that would make the users of
>> http:domainA.com see httpS:domainA.com using the SSL cert for
>> mydomain.com?
>>
>> Something like in their vhost section:
>> Alias /ordershttps://mydomain.com
>>
>> I think SSL adds to the complexity but wondered if that would work or if
>> you
>> know of a work-around?
>>
>> Many thanks.
>
>
>> In order to get an SSL cert, it has to be for the one main account which
>> is
>> mydomain.com.
>
> this isnt true actually. It can be for any domain. but see below, you
> might be allowed this way only.
>
> you cant use an alias in this way check the docs.
> you could set up a redirect which would send your users to the https
> site:
> RedirectMatch ^/?orders https://mydomain.com/
>
> if you just use the cert with a different domain name the user will
> receive a warning, however it will be secure encryption, but just does
> not provide identification.
>
> When you set up SSL, visit http://www.cacert.org/ to grab
> multiple certs for free.
> http://wiki.cacert.org/wiki/VhostTaskForce
> http://wiki.cacert.org/wiki/VhostsApache
> tells you how to set it up so you can use name based vhosting and have
> a cert for each servername on the same IP
>
> whether you can do this however depends on how your hosting company
> has set up your package. (I am assuming its a shared package and you
> dont control the configuration of certs)

Shimmy - thanks. It is not shared and actually, I think I can control my
own certs. I definitely control my own conf file. I'll check that out -
many thanks!

08/05/2007, 17h13

On May 8, 5:06 pm, "Paul" <l...@invalid.com> wrote:
> "shimmyshack" <matt.fa...@gmail.com> wrote in message
>
> news:1178636361.036723.168830@q75g2000hsh.googlegr oups.com...
>
>
>
> > On May 8, 3:40 pm, "Paul" <l...@invalid.com> wrote:
> >> I have a virtual dedicated server at a hosting company where I host
> >> several
> >> domains.
>
> >> In order to get an SSL cert, it has to be for the one main account which
> >> is
> >> mydomain.com. I have a new client that needs to have an order and credit
> >> card page acceptance page which, of course, needs SSL. Can I add an
> >> Apache
> >> Alias command in the conf file that would make the users of
> >> http:domainA.com see httpS:domainA.com using the SSL cert for
> >> mydomain.com?
>
> >> Something like in their vhost section:
> >> Alias /ordershttps://mydomain.com
>
> >> I think SSL adds to the complexity but wondered if that would work or if
> >> you
> >> know of a work-around?
>
> >> Many thanks.
>
> >> In order to get an SSL cert, it has to be for the one main account which
> >> is
> >> mydomain.com.
>
> > this isnt true actually. It can be for any domain. but see below, you
> > might be allowed this way only.
>
> > you cant use an alias in this way check the docs.
> > you could set up a redirect which would send your users to the https
> > site:
> > RedirectMatch ^/?ordershttps://mydomain.com/
>
> > if you just use the cert with a different domain name the user will
> > receive a warning, however it will be secure encryption, but just does
> > not provide identification.
>
> > When you set up SSL, visithttp://www.cacert.org/to grab
> > multiple certs for free.
> >http://wiki.cacert.org/wiki/VhostTaskForce
> >http://wiki.cacert.org/wiki/VhostsApache
> > tells you how to set it up so you can use name based vhosting and have
> > a cert for each servername on the same IP
>
> > whether you can do this however depends on how your hosting company
> > has set up your package. (I am assuming its a shared package and you
> > dont control the configuration of certs)
>
> Shimmy - thanks. It is not shared and actually, I think I can control my
> own certs. I definitely control my own conf file. I'll check that out -
> many thanks!

its as "simple" as creating an
admin@subdomain.servername.com
for each subdomain.servername.com you have
and adding that domain to your account.
then once you have done that you select which subdomains you wish to
include on the cert and generate the CSR, and away you go from there.
create a vhost section for each subdomain.servername.com and reference
the cert, it works like a charm even on one IP address, the only
downside is that you have to verify you own the domain by setting up
an email address temporariliy. That might change though soon.
good luck. m

09/05/2007, 16h03

>> > When you set up SSL, visithttp://www.cacert.org/to grab
>> > multiple certs for free.
>> >http://wiki.cacert.org/wiki/VhostTaskForce
>> >http://wiki.cacert.org/wiki/VhostsApache
>> > tells you how to set it up so you can use name based vhosting and have
>> > a cert for each servername on the same IP
>>
>> > whether you can do this however depends on how your hosting company
>> > has set up your package. (I am assuming its a shared package and you
>> > dont control the configuration of certs)
>>

Shimmy - I can't find much on whether cacert.org certificates are widely
pre-installed/accepted in brwosers or will the user receive a security
notification thus not making much difference than self-certifying.

Thanks again for you here!

09/05/2007, 18h19

On May 9, 4:03 pm, "Paul" <l...@invalid.com> wrote:
> >> > When you set up SSL, visithttp://www.cacert.org/tograb
> >> > multiple certs for free.
> >> >http://wiki.cacert.org/wiki/VhostTaskForce
> >> >http://wiki.cacert.org/wiki/VhostsApache
> >> > tells you how to set it up so you can use name based vhosting and have
> >> > a cert for each servername on the same IP
>
> >> > whether you can do this however depends on how your hosting company
> >> > has set up your package. (I am assuming its a shared package and you
> >> > dont control the configuration of certs)
>
> Shimmy - I can't find much on whether cacert.org certificates are widely
> pre-installed/accepted in brwosers or will the user receive a security
> notification thus not making much difference than self-certifying.
>
> Thanks again for you here!

supporting them is the same as rolling your won, except we move one
stage further towards main stream browser acceptance; here's the
official response to your query (answered on the mailing list on 3rd
mar 07):

-------
Well, if you want free certs there are two options: make your own CA,
or use CAcert. If you're only going to use the certificate internally,
there is no real advantage to CAcert certificates. If you're going to
use the cert on the web or to encrypt/sign e-mail or to sign documents
and code, then using CAcert is better. Why?

Once people decide to trust CAcert, by importing the root cert, and
many people already trust cacert implicitly as you can see in the link
I sent you, they will no longer get a warning on any CAcert
certificate they run into. But more importantly, they will also be
able to trust your identity, which is great for signed e-mails,
documents and code. That is something you can never provide yourself,
unless of course you only communicate with close friends.

So of course a cert which gives no warning message is far nicer, but
CAcert is the next best thing, and a nice option for many people. In
the past I used my own CA on my servers, but decided to switch to
CAcert because it provides a higher level of trust and authentication
than I can provide myself. It also s that I run various Linux
servers and desktops such as Debian and Gentoo, which both include
CAcert as trusted root.

Your situation may be different of course.

Greetings, Martijn
-----

the link he refers to is:
http://wiki.cacert.org/wiki/InclusionStatus
hope that s you with your decision, personally I decided to go
with it!!

heres the warning you get in opera, (you get the chance to press
accept - if a user reads it!)
----
- The certificate for "www.sharetvnews.com" is signed by the unknown
Certificate Authority "CA Cert Signing Authority". It is not possible
to verify that this is a valid certificate
----

08/05/2007, 15h40	#1
Paul Messages: n/a Hébergeur:	Alias in conf file to send users to httpS:// I have a virtual dedicated server at a hosting company where I host several domains. In order to get an SSL cert, it has to be for the one main account which is mydomain.com. I have a new client that needs to have an order and credit card page acceptance page which, of course, needs SSL. Can I add an Apache Alias command in the conf file that would make the users of http:domainA.com see httpS:domainA.com using the SSL cert for mydomain.com? Something like in their vhost section: Alias /orders https://mydomain.com I think SSL adds to the complexity but wondered if that would work or if you know of a work-around? Many thanks.

08/05/2007, 15h59	#2
shimmyshack Messages: n/a Hébergeur:	Re: Alias in conf file to send users to httpS:// On May 8, 3:40 pm, "Paul" <l...@invalid.com> wrote: > I have a virtual dedicated server at a hosting company where I host several > domains. > > In order to get an SSL cert, it has to be for the one main account which is > mydomain.com. I have a new client that needs to have an order and credit > card page acceptance page which, of course, needs SSL. Can I add an Apache > Alias command in the conf file that would make the users of > http:domainA.com see httpS:domainA.com using the SSL cert for mydomain.com? > > Something like in their vhost section: > Alias /ordershttps://mydomain.com > > I think SSL adds to the complexity but wondered if that would work or if you > know of a work-around? > > Many thanks. > In order to get an SSL cert, it has to be for the one main account which is > mydomain.com. this isnt true actually. It can be for any domain. but see below, you might be allowed this way only. you cant use an alias in this way check the docs. you could set up a redirect which would send your users to the https site: RedirectMatch ^/?orders https://mydomain.com/ if you just use the cert with a different domain name the user will receive a warning, however it will be secure encryption, but just does not provide identification. When you set up SSL, visit http://www.cacert.org/ to grab multiple certs for free. http://wiki.cacert.org/wiki/VhostTaskForce http://wiki.cacert.org/wiki/VhostsApache tells you how to set it up so you can use name based vhosting and have a cert for each servername on the same IP whether you can do this however depends on how your hosting company has set up your package. (I am assuming its a shared package and you dont control the configuration of certs)

08/05/2007, 17h06	#3
Paul Messages: n/a Hébergeur:	Re: Alias in conf file to send users to httpS:// "shimmyshack" <matt.farey@gmail.com> wrote in message news:1178636361.036723.168830@q75g2000hsh.googlegr oups.com... > On May 8, 3:40 pm, "Paul" <l...@invalid.com> wrote: >> I have a virtual dedicated server at a hosting company where I host >> several >> domains. >> >> In order to get an SSL cert, it has to be for the one main account which >> is >> mydomain.com. I have a new client that needs to have an order and credit >> card page acceptance page which, of course, needs SSL. Can I add an >> Apache >> Alias command in the conf file that would make the users of >> http:domainA.com see httpS:domainA.com using the SSL cert for >> mydomain.com? >> >> Something like in their vhost section: >> Alias /ordershttps://mydomain.com >> >> I think SSL adds to the complexity but wondered if that would work or if >> you >> know of a work-around? >> >> Many thanks. > > >> In order to get an SSL cert, it has to be for the one main account which >> is >> mydomain.com. > > this isnt true actually. It can be for any domain. but see below, you > might be allowed this way only. > > you cant use an alias in this way check the docs. > you could set up a redirect which would send your users to the https > site: > RedirectMatch ^/?orders https://mydomain.com/ > > if you just use the cert with a different domain name the user will > receive a warning, however it will be secure encryption, but just does > not provide identification. > > When you set up SSL, visit http://www.cacert.org/ to grab > multiple certs for free. > http://wiki.cacert.org/wiki/VhostTaskForce > http://wiki.cacert.org/wiki/VhostsApache > tells you how to set it up so you can use name based vhosting and have > a cert for each servername on the same IP > > whether you can do this however depends on how your hosting company > has set up your package. (I am assuming its a shared package and you > dont control the configuration of certs) Shimmy - thanks. It is not shared and actually, I think I can control my own certs. I definitely control my own conf file. I'll check that out - many thanks!

08/05/2007, 17h13	#4
shimmyshack Messages: n/a Hébergeur:	Re: Alias in conf file to send users to httpS:// On May 8, 5:06 pm, "Paul" <l...@invalid.com> wrote: > "shimmyshack" <matt.fa...@gmail.com> wrote in message > > news:1178636361.036723.168830@q75g2000hsh.googlegr oups.com... > > > > > On May 8, 3:40 pm, "Paul" <l...@invalid.com> wrote: > >> I have a virtual dedicated server at a hosting company where I host > >> several > >> domains. > > >> In order to get an SSL cert, it has to be for the one main account which > >> is > >> mydomain.com. I have a new client that needs to have an order and credit > >> card page acceptance page which, of course, needs SSL. Can I add an > >> Apache > >> Alias command in the conf file that would make the users of > >> http:domainA.com see httpS:domainA.com using the SSL cert for > >> mydomain.com? > > >> Something like in their vhost section: > >> Alias /ordershttps://mydomain.com > > >> I think SSL adds to the complexity but wondered if that would work or if > >> you > >> know of a work-around? > > >> Many thanks. > > >> In order to get an SSL cert, it has to be for the one main account which > >> is > >> mydomain.com. > > > this isnt true actually. It can be for any domain. but see below, you > > might be allowed this way only. > > > you cant use an alias in this way check the docs. > > you could set up a redirect which would send your users to the https > > site: > > RedirectMatch ^/?ordershttps://mydomain.com/ > > > if you just use the cert with a different domain name the user will > > receive a warning, however it will be secure encryption, but just does > > not provide identification. > > > When you set up SSL, visithttp://www.cacert.org/to grab > > multiple certs for free. > >http://wiki.cacert.org/wiki/VhostTaskForce > >http://wiki.cacert.org/wiki/VhostsApache > > tells you how to set it up so you can use name based vhosting and have > > a cert for each servername on the same IP > > > whether you can do this however depends on how your hosting company > > has set up your package. (I am assuming its a shared package and you > > dont control the configuration of certs) > > Shimmy - thanks. It is not shared and actually, I think I can control my > own certs. I definitely control my own conf file. I'll check that out - > many thanks! its as "simple" as creating an admin@subdomain.servername.com for each subdomain.servername.com you have and adding that domain to your account. then once you have done that you select which subdomains you wish to include on the cert and generate the CSR, and away you go from there. create a vhost section for each subdomain.servername.com and reference the cert, it works like a charm even on one IP address, the only downside is that you have to verify you own the domain by setting up an email address temporariliy. That might change though soon. good luck. m

09/05/2007, 16h03	#5
Paul Messages: n/a Hébergeur:	Re: Alias in conf file to send users to httpS:// >> > When you set up SSL, visithttp://www.cacert.org/to grab >> > multiple certs for free. >> >http://wiki.cacert.org/wiki/VhostTaskForce >> >http://wiki.cacert.org/wiki/VhostsApache >> > tells you how to set it up so you can use name based vhosting and have >> > a cert for each servername on the same IP >> >> > whether you can do this however depends on how your hosting company >> > has set up your package. (I am assuming its a shared package and you >> > dont control the configuration of certs) >> Shimmy - I can't find much on whether cacert.org certificates are widely pre-installed/accepted in brwosers or will the user receive a security notification thus not making much difference than self-certifying. Thanks again for you here!

09/05/2007, 18h19	#6
shimmyshack Messages: n/a Hébergeur:	Re: Alias in conf file to send users to httpS:// On May 9, 4:03 pm, "Paul" <l...@invalid.com> wrote: > >> > When you set up SSL, visithttp://www.cacert.org/tograb > >> > multiple certs for free. > >> >http://wiki.cacert.org/wiki/VhostTaskForce > >> >http://wiki.cacert.org/wiki/VhostsApache > >> > tells you how to set it up so you can use name based vhosting and have > >> > a cert for each servername on the same IP > > >> > whether you can do this however depends on how your hosting company > >> > has set up your package. (I am assuming its a shared package and you > >> > dont control the configuration of certs) > > Shimmy - I can't find much on whether cacert.org certificates are widely > pre-installed/accepted in brwosers or will the user receive a security > notification thus not making much difference than self-certifying. > > Thanks again for you here! supporting them is the same as rolling your won, except we move one stage further towards main stream browser acceptance; here's the official response to your query (answered on the mailing list on 3rd mar 07): ------- Well, if you want free certs there are two options: make your own CA, or use CAcert. If you're only going to use the certificate internally, there is no real advantage to CAcert certificates. If you're going to use the cert on the web or to encrypt/sign e-mail or to sign documents and code, then using CAcert is better. Why? Once people decide to trust CAcert, by importing the root cert, and many people already trust cacert implicitly as you can see in the link I sent you, they will no longer get a warning on any CAcert certificate they run into. But more importantly, they will also be able to trust your identity, which is great for signed e-mails, documents and code. That is something you can never provide yourself, unless of course you only communicate with close friends. So of course a cert which gives no warning message is far nicer, but CAcert is the next best thing, and a nice option for many people. In the past I used my own CA on my servers, but decided to switch to CAcert because it provides a higher level of trust and authentication than I can provide myself. It also s that I run various Linux servers and desktops such as Debian and Gentoo, which both include CAcert as trusted root. Your situation may be different of course. Greetings, Martijn ----- the link he refers to is: http://wiki.cacert.org/wiki/InclusionStatus hope that s you with your decision, personally I decided to go with it!! heres the warning you get in opera, (you get the chance to press accept - if a user reads it!) ---- - The certificate for "www.sharetvnews.com" is signed by the unknown Certificate Authority "CA Cert Signing Authority". It is not possible to verify that this is a valid certificate ----

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email