Amos Shapira wrote:

How about allocating a separate TCP port for each site and maybe redirect from
a plain HTTP concentrator:

This will work, but it has the disadvantage of not being able to pass
strict firewalls (which only pass port 80 and 443) and most HTTP proxies
(which are configured to allow SSL proxying[1] for only a handful of ports).

You mean client-side "personal" firewalls? Corporate LAN firewalls? or what?

I was thinking of corporate firewalls -- environments where the web user does not have much influence over what does and doesn't pass through.

So how about Gil's original question - redirecting to multiple paths under
same SSL host:
https://master.site.com/site1/...
https://master.site.com/site2/...

I think many cheapo hosting solutions do that -- hosting your commerce site under their own umbrella. If the hosting purchases a wildcard certificate (which has "*.cheaphost.com" in its Common Name field), they could even offer https://gil-shop.cheaphost.com/ without any additional fees. Of course, the whole issue of PKI trust evaporates in this setup; I mean, the certificate proves that cheaphost.com is a valid legal entity, but would Cheaphost ever be held responsible for representing a non-legitimate commerce site with their own certificate (e.g. https://www.cheaphost.com/suckers-shop/)? Doubt it.

Anyway, technically it's a valid solution and has more vitality than the 'nonstandard HTTPS ports' approach.
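Added example, not part of the original message: a sketch of the hostname check a TLS client performs, showing why a wildcard or shared-host certificate says nothing about which shop sits behind a path or a port. It assumes the common rule that `*` stands only for the whole left-most label (RFC 6125 section 6.4.3); the function names and the `other-shop` / `honest-shop` URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname. Assumption: '*' may only
    replace the entire left-most label, never a dot and never zero labels."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # rules out the bare domain and deeper subdomains
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def identity_checked(url: str) -> str:
    """The only part of a URL the certificate check sees: the host name.
    Path and port are dropped before any comparison with the certificate."""
    return urlsplit(url).hostname or ""

def covered(pattern: str, url: str) -> bool:
    return wildcard_matches(pattern, identity_checked(url))

CERT_NAME = "*.cheaphost.com"
# Constructed sample URLs, modelled on the ones in the message.
SAMPLES = [
    "https://gil-shop.cheaphost.com/",
    "https://other-shop.cheaphost.com/",
    "https://www.cheaphost.com/suckers-shop/",
    "https://www.cheaphost.com/honest-shop/",
    "https://gil-shop.cheaphost.com:8443/",
    "https://cheaphost.com/",
    "https://a.b.cheaphost.com/",
]

def report():
    """(url, name actually checked, accepted under CERT_NAME) per sample."""
    return [(u, identity_checked(u), covered(CERT_NAME, u)) for u in SAMPLES]

if __name__ == "__main__":
    for url, name, ok in report():
        print(f"{'valid  ' if ok else 'INVALID'}  checked={name:26} {url}")
```

Every tenant subdomain and every path under `www.cheaphost.com` passes with the same certificate, so the browser's padlock identifies the hosting company only.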

