Forum: Ruby on Rails SSL and domain as account key

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Kris L. (Guest)
on 2006-02-14 11:04
Say I have an hosted application which allows the user to use their own
domain name (company.com) to access it, and that application must be
accessed over SSL, how do you go about our SSL certificate not being
registered to their domain. Sure the connection will be safe but the
browser will pop up a warning saying the certificate is invalid for this
domain.

I dont think this problem occur for sub domains (company.ourdomain.com),
I think you can register a wildcarded SSL cert which means it would
apply to *.domain.com. This allow you to use the subdomain as the
account key over SSL.

But what like the first example you want to you the whole domain?

Many thanks, Kris.
Jon Evans (Guest)
on 2006-02-14 16:13
(Received via mailing list)
Hi Kris,

On 14 Feb 2006, at 09:04, Kris L. wrote:

> (company.ourdomain.com),
> I think you can register a wildcarded SSL cert which means it would
> apply to *.domain.com. This allow you to use the subdomain as the
> account key over SSL.
>
> But what like the first example you want to you the whole domain?

It's not possible.  You need their certificate on your server.

There is another implication as well, you can't use vhosts with SSL
certificates.  This is because the browser and server negotiate an
encrypted connection *before* the browser tells the server which URL
it wants to load.  So you can only have one IP per certificate.

Could you use *.yourgenericname.com, e.g.
theircompanyname.yourgenericname.com?

If not, the only way is to get them to give you a certificate pair.

Jon
Md Mooktakim A. (Guest)
on 2006-02-14 16:13
(Received via mailing list)
You could setup virtual hosts using IP and then you'll be able to
provide SSL for each
of the domains. But instead of having a document root for each they all
use the same
document root.

Essentially it will be multiple virtual ip hosts sharing the same
document root.

On Tue, February 14, 2006 9:04 am, Kris L. wrote:
> But what like the first example you want to you the whole domain?
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
>
>


--
Website: http://www.mooktakim.com
email: removed_email_address@domain.invalid
Theodore M. (Guest)
on 2006-02-14 16:48
(Received via mailing list)
How does basecamp handle it? One of the plans offers SSL and it uses
subdomains. Do you think they bought a bundle of certs and just
auto-create it on the fly?
Jonas Elfström (Guest)
on 2006-02-14 16:57
(Received via mailing list)
On 2/14/06, Theodore M. <removed_email_address@domain.invalid> wrote:
> How does basecamp handle it? One of the plans offers SSL and it uses
> subdomains. Do you think they bought a bundle of certs and just
> auto-create it on the fly?

Probably with a wildcard certificate.
http://www.google.com/search?q=+wildcard+certificate

--
Jonas
Elfström
Kris L. (Guest)
on 2006-02-14 18:56
Thanks for replies.

As well as basecamp which uses the wildcard type certs there is shopify,
which I dont think is open to the public yet, but it allows you to
"bring your own domain".
http://blog.jadedpixel.com/articles/2006/01/24/how...

So I would guess that shopify, which is a hosted commerce application,
is not run over SSL or the pages that are SSL are on the same domain.

Any ideas?


Cheers Kris.
This topic is locked and can not be replied to.