
.NET Forum / ASP.NET / Security / December 2004


2 domain names, 1 IP, one SSL cert

Andy - 13 Dec 2004 04:23 GMT
I have a web server with 2 domain names, one IP and a single SSL cert.

Domain name one has the SSL cert, but domain name two doesn't.

Domain name one is the actual domain name of the server, domain name two is
more of an alias to one site on the server.  Therefore, a url on domain name
one and another url on domain name two actually point to the same site.
So http://www.domainnameone.com/some/long/site points to the same place as
http://www.domainnametwo.com

The site on domain name two requires secure transactions of passwords and
user names (via form authentication and LDAP).  However, this is the only
secure transaction required.  Everything else doesn't need to be secure.  
However, is it possible to somehow piggyback on the SSL cert of the first
domain name, pass the transaction securely, yet not have the web browser of
the users complain that the domain name doesn't match?
DKode - 13 Dec 2004 13:00 GMT
I might be wrong on this,

A while ago when I was playing with PHP and SSL certs for shopping
carts, I couldn't even use the domain name it was made for without the
www subdomain in front of the domain name or it would complain about
the SSL cert. The way I always fixed this problem was to gather as much
insecure data as possible, then redirect the user and data to the
domain name that is designated for the SSL cert. I don't believe there
is any other way to do it without having the browser complain about the
SSL cert. The browsers do this for a reason so no one can hijack the
SSL cert.
Andy - 13 Dec 2004 21:23 GMT
Hrm interesting.
Actually it appears as though the method that hotmail uses does exactly what
I need..
Any idea how hotmail does it?

> I have a web server with 2 domain names, one IP and a single SSL cert.
>
[quoted text clipped - 12 lines]
> domain name, pass the transaction securely, yet not have the web browser of
> the users complain that the domain name doesn't match?
Ken Schaefer - 19 Dec 2004 23:45 GMT
Are you sure Hotmail does this? Can you point us to the page that actually
implements this on the hotmail.com site?

It may be that Hotmail is using a wildcard certificate -or- it could be that
Hotmail.com has multiple certificates (one for each address) -or- it could
be that Hotmail uses a set of redirection logic and cookies to do what it
does.

Cheers
Ken

> Hrm interesting.
> Actually it appears as though the method that hotmail uses does exactly
[quoted text clipped - 22 lines]
>> of
>> the users complain that the domain name doesn't match?
DKode - 25 Dec 2004 18:42 GMT
Hotmail has multiple subdomains under hotmail.com for their load
balancing. I imagine the cert is for hotmail.com and once you are
authenticated you are redirected to a load balance server i.e.:
server01.hotmail.com
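
The name-mismatch warning discussed in this thread, as an added example (not code from any poster): a simplified version of the hostname check a browser applies to the DNS names in a certificate. The certificate name lists are constructed for illustration, and the single certificate carrying both names goes beyond the options listed in the thread.

```python
# Added example: simplified browser-style hostname check.
# All certificate name lists below are constructed, not taken from real certs.

def name_matches(pattern: str, host: str) -> bool:
    """Match one DNS name from a certificate against the requested host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard covers exactly one label, never zero or two
    if p_labels[0] == "*":
        # Wildcard is honoured only as the whole left-most label, and only
        # with at least two labels after it (so "*.com" is rejected).
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels  # otherwise the names must be identical


def cert_valid_for(cert_names, host) -> bool:
    """True if any name in the certificate covers the host in the URL."""
    return any(name_matches(name, host) for name in cert_names)


def check(cert_names, hosts):
    """Return {host: bool} so the mismatching hosts are easy to spot."""
    return {h: cert_valid_for(cert_names, h) for h in hosts}


# Constructed certificates matching the cases raised in the thread.
SINGLE = ["www.domainnameone.com"]                          # Andy's one cert
WILDCARD = ["*.hotmail.com"]                                # Ken's first guess
BOTH = ["www.domainnameone.com", "www.domainnametwo.com"]   # two names, one cert

if __name__ == "__main__":
    # The alias and the bare domain both fail against the single-name cert.
    print(check(SINGLE, ["www.domainnameone.com",
                         "www.domainnametwo.com",
                         "domainnameone.com"]))
    # A wildcard covers one sub-domain level only.
    print(check(WILDCARD, ["server01.hotmail.com",
                           "hotmail.com",
                           "a.b.hotmail.com"]))
    # A certificate listing both names satisfies both URLs.
    print(check(BOTH, ["www.domainnameone.com", "www.domainnametwo.com"]))
```

The check depends only on the host name the user typed, which is why pointing both names at the same site and IP does not help: the browser compares the URL's host with the certificate, not with the server behind it.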
