I need to add SSL to parts of my app. The app’s structured so that
everything that needs to happen within SSL happens in one set of
controllers and the stuff that doesn’t happens in others. My business
model is to provide the app as a service with each customer getting
their own subdomain where each subdomain will have a similar
characteristic wrt secure vs. non-secure.
As I understand it, I need ‘single’ cert for my app, but will want /
need a ‘wildcard’ cert to handle the subdomains. My question is: can I
start with a single cert for my domain and later ‘upgrade’ that to the
wildcard version? Or will I replace the single with the wildcard? Or
will I have dug myself into a hole by starting with a single? Also, in
the subdomains, will it be possible to serve portions in secure mode and
others in non-secure?
As I understand it, I need ‘single’ cert for my app, but will want / need a
‘wildcard’ cert to handle the subdomains. My question is: can I start with
a single cert for my domain and later ‘upgrade’ that to the wildcard
version? Or will I replace the single with the wildcard? Or will I have
dug myself into a hole by starting with a single? Also, in the subdomains,
will it be possible to serve portions in secure mode and others in
non-secure?
If you’re using www.myapp.com as well as #{customername}.myapp.com,
you need a wildcard cert. If you have a single cert for www.myapp.com,
you’ll get warnings from the browser as soon as they try to access
#{customername}.myapp.com.
You can serve whatever you want using http, https or a combination of
both. link_to lets you select the protocol to use. The only thing to
be aware of is that browsers tend to throw up warnings when you try to
pull in http content into a page that was served over https.
Cheers,
Gareth
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.