NYCPHP Meetup

NYPHP.org

[joomla] SSL virtual hosting

Scott Wolpow scott at wolpow.com
Mon Nov 25 10:55:21 EST 2013 

For this purpose a self signed could work.
But if you have email issues with Outlook or with Merchant Services you 
need to list with an authority site.
SW
On 11/25/2013 10:36 AM, Mark Holberg wrote:
> Gary,
>
> Do you recommend an SSL  be purchsed for every site? Or would 
> self-signed certificates be acceptable?
>
> If there is an SSL covering the entire server, accessing the Joomla 
> login  page  via the virtual directory can be done securely. That is, 
> if you have not canonicalized the site's default URL using .htaccess
>
> Mark
>
>  On 11/25/2013 8:39 AM, Gary A. Mort wrote:
>> I hadn't looked at how SSL works on web servers for a number of 
>> years.  The last time I worked with SSL the common rule was that you 
>> had to have a  distinct IP address for every domain name that you 
>> wanted to use SSL for[so you could have an SSL certificate for each 
>> different domain]
>>
>> Heck, even the Apache Wiki still states it in some places:
>> http://wiki.apache.org/httpd/NameBasedSSLVHosts
>>
>> However, when poking around I ran across references to SNI and using 
>> multiple certificates for the same IP Address. 
>> http://www.ietf.org/rfc/rfc4366.txt This dates all the way back to 
>> 2006, so it has been around for quite a while!
>>
>> Browser support for it goes back a good way as well:
>> http://en.wikipedia.org/wiki/Server_Name_Indication#Browsers_with_support_for_TLS_server_name_indication.5B6.5D
>>
>> Interestingly, for Internet Explorer it isn't the browser version 
>> which matters, but the operating system, IE uses the operating system 
>> to perform SSL encryption.  This means that it won't work in IE on 
>> Windows XP or any earlier windows operating system.  It will work for 
>> Internet Explorer on Windows Vista[released in 2007] and any later 
>> windows operating system.
>>
>> As such, it's a fair to say that SSL for virtual hosts will work for 
>> almost all users these days - and there is no reason not to enforce 
>> the use of SSL for the Joomla Admin section as well as make sure that 
>> all your admin users, at the very least, use SSL when they log on to 
>> your websites.
>>
>> This may be old news to everyone here, but since it was new to me I 
>> figured I'd pass it on.
>>
>>
>> _______________________________________________
>> New York PHP SIG: Joomla! Mailing List
>> http://lists.nyphp.org/mailman/listinfo/joomla
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>
>
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

-- 
Scott Wolpow
718 275 7765
-------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/joomla/attachments/20131125/4ecb8bc7/attachment-0001.html>

More information about the Joomla mailing list