SSL-cert

Post here for help with installing or upgrading mojoPortal pre-compiled release packages. When posting in this forum, please provide all relevant details. You may also want to review the installation or upgrading documentation.

If you have questions about using the source code or working with mojoPortal in Visual Studio, please post in the Developer forum.

Post here for help with installation of mojoPortal pre-compiled release packages

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.

You may also want to review the installation or upgrading documentation.

If you have questions about using the source code or working with mojoPortal in Visual Studio, please post in the Developer forum.

This thread is closed to new posts. You must sign in to post in the forums.
9/29/2006 11:59:48 PM
Christian Fredh
Gravatar
Total Posts 68
View Posts

SSL-cert

Hi!
On some hosting companies, you can use a pre-installed SSL-cert, ie if your domain is: "http://www.mydomain.com" your can use a SSL-cert like this: "https://www.mydomain.secure.com". Is it possible to use mojoportal (with SSL) on an environment lika this?

Thanks,
Christian
9/30/2006 1:48:03 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: SSL-cert

Hi Christian,

Are you saying there would be a different domain for secure vs non-secure pages?

I guess the answer is I don't know as I'm not familiar with that kind of ssl arrangement. I would think being authenticated against secure.com is not the same as being authenticated against mydomain.com and would result in different cookies and I wouldn't think that would work but not for any reason specific to mojoPortal. If the whole site is at secure.com, then yes I think it should work.

If you try it let me know.

Thanks,

Joe

9/30/2006 2:13:53 AM
Christian Fredh
Gravatar
Total Posts 68
View Posts

Re: SSL-cert

Yes, some hosts provide SSL-cert for all customers/sites ready to use, and to use it you use a different address, but points to the same path.

I have used cs-cart (www.cs-cart.com, which have many nice features by the way) to set up an web-shop a while ago, and to install you were given the option to enter a secure-url, (if you didnt it used the usual "https://www.mydomain.com"), but the option were there. The host i installed it on was using different urls for non-secure and secure. Maybe this can be a solution if it doesnt work now?

I think I will test this if I have the time, ill let you know if it worked.

Best Regards,

Christian
9/30/2006 2:26:52 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: SSL-cert

It might work for a shopping cart but you would authenticate for purposes of checkout and that would be different than authenticating for the main site. I once had something like this at Cafe Press where I integrated a Rainbow portal site with Cafe Press shop but logging into the site is not the same as logging into the store. I think it is the same with PayPal, you have to re-authenticate against a PayPal domain because auhtentication is not shared accross domains. I still say you could not login to mojoportal.secure.com and then still be authenticated when you go to mojoportal.com. If that were possible the internet would be very insecure indeed.

A shopping cart integrated into the same domain would share the same authentication but not a different domain.

Joe
9/30/2006 2:31:41 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: SSL-cert

Or with some shopping carts you may not need to authenticate at all, it just uses ssl to secure all transmissions and for each order you would have to enter all the information needed. Something like this would not support coming back later to check on order status though, for that you would need some authentication method.

So there is a difference between securing a login page for a site which establishes authentication vs just securing data transmission accross the wire. Authentication must happen in the same domain.

Joe
You must sign in to post in the forums. This thread is closed to new posts.