On 28 January 2014 23:41, Andrea Pescetti <pesce...@apache.org> wrote:
> On 26/01/2014 jan i wrote: > >> *.openoffice.org can only be used for services located on apache hosts, >> we >> cannot give the certificate to e.g. sourceforge. >> > > OK. So this is clear: the fact that we do have a *.openoffice.orgcertificate > becomes irrelevant for this discussion since it cannot be used > for externally hosted sites anyway. Good. > > > However it would be >> possible to make a https: page under www.openoffice.org located on apache >> servers, that list extensions from e.g. sourceforge, meaning the >> extensions >> themself can be located outside apache (download will be http:// but >> lookup >> is https://). >> > > Besides the comment by Marcus, I think that here the idea is simply to be > able (I see it from the user's point of view) to offer login and sessions > over HTTPS at the same URL. So just like we moved > http://wiki.openoffice.org -> https://wiki.openoffice.org > keeping it on the same server, the idea would be to move > http://extensions.openoffice.org -> https://extensions.openoffice.org > but keeping it hosted where it is, not "mirrored" on the Apache servers. > > Now, would this need a specific certificate covering only > extensions.openoffice.org that can be requested (by whom? Apache?) and > then handed over to SourceForge? I have no idea if this is a feasible > solution, cost, effort, security considerations... Maybe there are other > examples of domains where the DNS zone is managed by Apache, but hosting is > external and HTTPS is available. we have wildcard certificate,so to my best knowledge we cannot in parallel have a specific certificate. DNS zone is not enough,the https endpoint need to be one of our proxy servers. Our proxy servers proxies the request to another (internal) url which do not have the openoffice certificate. This method would do the trix but all traffic would go through the proxy. Please remark this is not redirect so no ugly warning. rgds jan i > > > Regards, > Andrea. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > >
