How to get multiple sites on one server to use one SSL cert for login?
I have a site that lets users creat开发者_开发知识库e subsites and use their own domain with the subsite (kinda like Posterous). I'd like to use SSL to protect user logins on the subsites and I only want to use one SSL certificate. What's the best way to do this?
I know that one solution is to have the login page on each subsite be HTTP but then POST the subsite login form to one central HTTPS url on the main site. I also know that this is not as secure as serving the whole login page using HTTPS because you're vulnerable to man-in-the-middle attacks. Is there a better way?
If it helps, each subsite can be accessed at subsite.mainsite.com in addition to the custom url (subsite.org, or whatever they choose).
Update: a wildcard cert won't work for me because it only works for subsite.mainsite.com but I need it to also work for subsite.org. Also, I need to be able to secure new domains as new sites get created so the solution must be able to handle that (e.g. it cannot require that the domains to be SSLed are known in advance).
What you need is a "Wildcard SSL certificate" for subdomains. If you want several main domains to be covered by one certificate, CAs offer multiple domain certificates. See InstantSSL offering and other CAs have similar.
So called Wildcard Certificates, while more expensive are valid for *.domain.com
; e.g. http://www.rapidssl.com/buy-ssl/wildcard-ssl-certificate/
精彩评论