static IP address, ssl certificate, and the root of all evil

I have a question, I fear the answer.

I have: a top level domain name (free from Tokelau, a territory of New Zealand, .tk, where else?), a free 2 year ssl certificate from startSSL.com, a free hosting package.

Now I jumped through every hoop startSSL wanted (admittedly wasn't too difficult), to get me my 2 year ssl certificate, and now I fear I have encountered a final barrier to success that might still stall my plans. I dreamt of a corner certificate stating "Secured by startSSL". I got the code snippet and everything, and have pasted it into my website.

Problem: my host is not so keen on a free package to allow me to ssl. As far as I know you need access to some config files to allow this to happen? Or can you just, like with .htaccess and .htpassword files, do the setting on your webhost?

Also you need a static IP. Are there any workarounds?

Or am I dreaming? Anyone with advice?


SSL requires some files and configuration changes pointing to the files.

Also, the static IP is required because with an encrypted request, there's no way to know to what host the request is intended without decryption. The use of a static IP address gives that request a destination.

To clarify: when using virtual hosts, multiple hosts will share the same IP address, so when a request comes in, the first two lines are:

GET /path/to/resource HTTP/1.1
Host: www.example.com

Apache (or any web server) looks at the 'Host' field to determine how to route the request. If the request is encrypted, there's no way to determine how to route the request, and you need to know what certificate to use in order to decrypt it.


Forget it. If your host doesn't have SSL configured, you have no chance to add it without their help.


There are two problems with your proposed set-up.

  1. Free hosts generally don't provide a control panel interface to allow installation of SSL Certificates (at least I've never seen it) as this requires either their help on the back-end or VPS / Dedicated Server access from the front-end.

  2. Static IP address is a must for SSL certificate installation.


From the webserver's perspective, an SSL cert is about a port and an IP address, even when being used with name-based virtual hosts.

SSL is about the IP matching the cert and the domain in the URL/request (to verify the cert).

You would have to give a second SSL cert a different port or a different IP address on the webserver.

Alternatively, you can also get multi-domain and wildcard certs that allow different hostnames or domains to match the cert with different client request URLs, but the cert is still the only thing on that port/IP of the webserver.

Just my $.02
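
The layout the answers above describe, written as an Apache httpd configuration. This is an added example, not part of the original posts; the addresses, host names and file paths are constructed placeholders, and mod_ssl is assumed to be loaded.

```apache
# Constructed example: addresses are from the RFC 5737 documentation range;
# host names and file paths are placeholders.
Listen 80
Listen 443

# Plain HTTP: both sites share one address. The server reads the Host
# header of each request and serves the vhost with the matching ServerName.
<VirtualHost 203.0.113.10:80>
    ServerName www.example.com
    DocumentRoot /var/www/example-com
</VirtualHost>

<VirtualHost 203.0.113.10:80>
    ServerName www.example.org
    DocumentRoot /var/www/example-org
</VirtualHost>

# HTTPS as described in the answers: the certificate is bound to an
# address and port, so each certificate gets its own IP address.
<VirtualHost 203.0.113.10:443>
    ServerName www.example.com
    DocumentRoot /var/www/example-com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
</VirtualHost>

<VirtualHost 203.0.113.11:443>
    ServerName www.example.org
    DocumentRoot /var/www/example-org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.org.key
</VirtualHost>
```

The `SSLEngine` and `SSLCertificateFile` directives are accepted only in the server config and virtual host contexts, not in `.htaccess`, so on shared hosting they have to be set by the provider.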
