[Gllug] Couple of questions about HTTPS

Jason Clifford jason at ukpost.com
Thu Nov 18 09:08:17 UTC 2004 

On Wed, 17 Nov 2004, Richard Jones wrote:

> (1) The easiest way for us to deploy it is to have the images sent
> over SSL.  The reason is that the <img> links are all site-relative
> (/image/foo.gif instead of http://example.com/image/foo.gif), and
> changing it to work any other way is a pain.  Is this going to be a
> problem, load-wise?  Does anyone have any experience on how this
> scales?

Don't do it. Most common browsers will raise a security warning message 
about content from an unprotected source. This will not inspire confidence 
in the site.

> (2) We need to get a certificate, and last time I looked into this,
> one needed to get a separate certificate for each and every site,
> _and_ run them all on separate IP addresses.  Running the sites on
> separate IP addresses isn't an option for us.  Paying lots of money
> for a certificate for each site also isn't an option.  Can we run them
> on the same IP address and either share a certicate or get very cheap
> / free certificates?  The site names aren't related to each other -
> for example although we run lots of *.team-notepad.com and
> *.merjis.com sites, we also host intranets for companies as
> "intranet.company.com" and a ton of other random domains.

HTTP over SSL doesn't support HTTP/1.1 so you can only serve one site per 
IP/Port combination. In practice this means you use a separate IP address 
per distinct site because you cannot rely upon users being able to access 
irregular ports.

You can obtain a wildcard SSL certificate however you are then stuck using 
the base higher level domain name for all sites (ie everything has to be 
in the form *.example.com). This can be made to work if you register a 
generic domain and then use the client site name as the host part of the 
name.

My opinion is that this isn't worth the hassle. SSL Certs cost less than 
£70 a year (from us if you want ;) ) and can be obtained in about 15 
minutes.

Jason Clifford
-- 
UKFSN.ORG		Finance Free Software while you surf the 'net
http://www.ukfsn.org/	   ADSL Broadband from just £21.50 / month 

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list