SSL and domain as account key


#1

Say I have a hosted application which allows the user to use their own
domain name (company.com) to access it, and that application must be
accessed over SSL. How do you deal with our SSL certificate not being
registered to their domain? Sure, the connection will be safe, but the
browser will pop up a warning saying the certificate is invalid for this
domain.

I don't think this problem occurs for subdomains (company.ourdomain.com).
I think you can register a wildcard SSL cert, which means it would
apply to *.domain.com. This allows you to use the subdomain as the
account key over SSL.

But what if, like the first example, you want to use the whole domain?

Many thanks, Kris.


#2

Hi Kris,

On 14 Feb 2006, at 09:04, Kris L. wrote:

(company.ourdomain.com),
I think you can register a wildcard SSL cert, which means it would
apply to *.domain.com. This allows you to use the subdomain as the
account key over SSL.

But what if, like the first example, you want to use the whole domain?

It’s not possible. You need their certificate on your server.

There is another implication as well, you can’t use vhosts with SSL
certificates. This is because the browser and server negotiate an
encrypted connection before the browser tells the server which URL
it wants to load. So you can only have one IP per certificate.

Could you use *.yourgenericname.com, e.g.
theircompanyname.yourgenericname.com?

If not, the only way is to get them to give you a certificate pair.

Jon
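
Added example, not part of the thread: a simplified version of the hostname check a browser applies to certificate names, showing why a wildcard certificate covers company.ourdomain.com but not a customer's own company.com. The function names and sample lists are assumptions made for illustration, and the matching rule is a simplification (wildcard only as the whole leftmost label).

```python
# Added illustration (not from the thread). Simplified browser-style matching:
# a wildcard counts only as the entire leftmost label and covers one label.

def name_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate name (CN/SAN entry) covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least *.domain.tld; compare every label after the first.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, hostname: str) -> bool:
    """True if any name on the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def hosts_with_warning(cert_names, tenant_hosts):
    """Tenant hostnames for which the browser would report a name mismatch."""
    return [t for t in tenant_hosts if not cert_covers(cert_names, t)]


# Constructed sample data using the thread's placeholder names.
PROVIDER_CERT = ["*.ourdomain.com", "ourdomain.com"]
TENANT_HOSTS = [
    "company.ourdomain.com",      # subdomain as account key
    "company.com",                # customer's own domain
    "www.company.ourdomain.com",  # two labels deep
]

if __name__ == "__main__":
    for host in TENANT_HOSTS:
        status = "ok" if cert_covers(PROVIDER_CERT, host) else "name mismatch warning"
        print(f"{host}: {status}")
    # A certificate issued for the customer's domain covers it.
    print("company.com with its own cert:", cert_covers(["company.com"], "company.com"))
```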


#3

You could set up virtual hosts using IP and then you’ll be able to
provide SSL for each of the domains. But instead of having a document
root for each they all use the same document root.

Essentially it will be multiple virtual IP hosts sharing the same
document root.

On Tue, February 14, 2006 9:04 am, Kris L. wrote:

But what if, like the first example, you want to use the whole domain?


Website: http://www.mooktakim.com


#4

On 2/14/06, Theodore M. wrote:

How does Basecamp handle it? One of the plans offers SSL and it uses
subdomains. Do you think they bought a bundle of certs and just
auto-create it on the fly?

Probably with a wildcard certificate.
http://www.google.com/search?q=+wildcard+certificate


Jonas Elfström


#5

Thanks for the replies.

As well as Basecamp, which uses the wildcard type certs, there is Shopify,
which I don't think is open to the public yet, but it allows you to
“bring your own domain”.
http://blog.jadedpixel.com/articles/2006/01/24/how-domains-work-in-shopify

So I would guess that Shopify, which is a hosted commerce application,
is not run over SSL, or the pages that are SSL are on the same domain.

Any ideas?

Cheers Kris.


#6

How does Basecamp handle it? One of the plans offers SSL and it uses
subdomains. Do you think they bought a bundle of certs and just
auto-create it on the fly?