Comments on: computerdefense.org SSL Fail Image http://www.sslfail.com/2009/01/computerdefense-ssl-fail-image/ 1.2.840.113549.1.1 Thu, 01 Jul 2010 03:13:58 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Michael Dickey http://www.sslfail.com/2009/01/computerdefense-ssl-fail-image/comment-page-1/#comment-8 Michael Dickey Tue, 13 Jan 2009 21:24:26 +0000 http://www.sslfail.com/?p=112#comment-8 I sort of ask because I know what my answer would be: I can't. :) Maybe Apache can twiddle it with vhosts and stuff, but I know my popular load-balancer and IIS both can't have different SSLs on the same site with two different host headers. At least not without getting crazy complex very quick. You'd probably need to host the site "blah.com" with a real cert named "blah.com" and once the connection is established, http redirect to "www.blah.com:443." Or reject the initial SSL attempt and redirect "blah.com:443" to "www.blah.com:443" Or maybe have two separate virtual hosts/servers that point transparently back to the same site. But the site better be coded to accept that discrepancy! All of that is a huge pain to manage. "www.site.com and site.com are easy pickings for this simple reason. I sort of ask because I know what my answer would be: I can’t. :)

Maybe Apache can twiddle it with vhosts and stuff, but I know my popular load-balancer and IIS both can’t have different SSLs on the same site with two different host headers. At least not without getting crazy complex very quick. You’d probably need to host the site “blah.com” with a real cert named “blah.com” and once the connection is established, http redirect to “www.blah.com:443.” Or reject the initial SSL attempt and redirect “blah.com:443″ to “www.blah.com:443″

Or maybe have two separate virtual hosts/servers that point transparently back to the same site. But the site better be coded to accept that discrepancy!

All of that is a huge pain to manage.

“www.site.com and site.com are easy pickings for this simple reason.

]]> By: romain http://www.sslfail.com/2009/01/computerdefense-ssl-fail-image/comment-page-1/#comment-5 romain Tue, 13 Jan 2009 18:50:38 +0000 http://www.sslfail.com/?p=112#comment-5 If you are on a shared, I believe you cannot even do that (disable 443) If you are on a shared, I believe you cannot even do that (disable 443)

]]> By: Tyler http://www.sslfail.com/2009/01/computerdefense-ssl-fail-image/comment-page-1/#comment-4 Tyler Tue, 13 Jan 2009 17:15:35 +0000 http://www.sslfail.com/?p=112#comment-4 Excellent Question :) I don't know that I actually have access to fix that (that particular site exists on shared hosting and not on my server). I'm going to investigate though and see if I can either get another SSL Cert, or disable ComputerDefense.org on port 443. Excellent Question :)

I don’t know that I actually have access to fix that (that particular site exists on shared hosting and not on my server).

I’m going to investigate though and see if I can either get another SSL Cert, or disable ComputerDefense.org on port 443.

]]> By: Michael Dickey http://www.sslfail.com/2009/01/computerdefense-ssl-fail-image/comment-page-1/#comment-3 Michael Dickey Tue, 13 Jan 2009 16:13:43 +0000 http://www.sslfail.com/?p=112#comment-3 Just an interesting question: How would you fix that? :) Just an interesting question: How would you fix that? :)

]]>