2 domain names, 1 IP, one SSL cert

A

Andy

I have a web server with 2 domain names, one IP and a single SSL cert.

Domain name one has the SSL cert, but domain name two doesn't.

domain name one is the actual domain name of the server, domain name two is
more of an alias to one site on the server. Therefore, a url on domain name
one and another url on domain name two actually point to the same site.
so http://www.domainnameone.com/some/long/site points to the same place as
http://www.domainnametwo.com


The site on domain name two requires secure transactions of passwords and
user names (via form authentication and LDAP). However, this is the only
secure transaction required. Everything else doesn't need to be secure.
Howeer, is it possible to some how piggyback on the SSL cert of the first
domain name, pass the transaction securely, yet not have the web browser of
the users complain that the domain name doesn't match?
 
D

DKode

I might be wrong on this,

Awhile ago when I was playing with php and ssl certs for shopping
carts, I couldn't even use the domain name it was made for without the
www subdomain in front of the domain name or it would complain about
the ssl cert. The way I always fixed this problem is gathered as much
insecure data as possible, then redirected the user and data to the
domain name that is designated for the ssl cert. I don't believe there
is any other way to do it without having the browser complain about the
ssl cert. The browsers do this for a reason so noone can hi-jack the
ssl cert.
 
A

Andy

Hrm interesting.
Actually it appears as though the method that hotmail uses does exactly what
I need..
Any idea how hotmail does it?
 
K

Ken Schaefer

Are you sure Hotmail does this? Can you point us to the page that actually
implements this on the hotmail.com site?

It maybe that Hotmail is using a wildcard certificate -or- it could be that
Hotmail.com has multiple certificates (one for each address) -or- it could
be that Hotmail uses a set of redirection logic and cookies to do what it
does.

Cheers
Ken
 
D

DKode

hotmail has multiple subdomains under hotmail.com for their load
balancing. I imagine the cert is for hotmail.com and once you are
authenticated you are redirected to a load balance server i.e.:
server01.hotmail.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Multiple Web Site Hosting in IIS With Multiple Domain Names 0
SSL Cert authentication: Need to install client cert? Or can I just upload the cert? 1
SSL Forms Login for multiple sites 2
client ssl verification 0
Client Cert Doesn’t work after Deployment 2
Impersonation with users of 2 domain (nor trusted) 0
LogonUser() fails on same domain 0
Auto redirect http to https 1

Members online

Total: 29 (members: 1, guests: 28)
Robots: 312

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,007
Latest member
obedient dusk

Latest Threads

Top