What is the purpose of the shared SSL option?
I’m using the extension on a WP Network, meaning that the main domain’s certificate is used and I get warnings when connecting to the mapped domains. Is that option trying to fix this?
If your website is http://www.example.com and your SSL certificate is a shared certificate at http://ssl-account.com/example.com, then you could turn on the Shared SSL option and enter that as your Shared SSL Host and it should solve your issues with warnings.
That’s the idea anyways. If you run into issues, let me know. This part of the plugin is very new and has only been testing one one site (that I know of). If anyone has used the plugin for Shared SSL successfully, I’d like to see it. 🙂
Thanks for downloading!
Well, you can’t use just any SSL, you have to be sure that it is a Shared SSL that you are allowed to use. I’ve never used one personally, but I hear that’s how it works. 😛
When writing this addition to the plugin, I actually used a user’s site to test and debug.
Maybe we don’t have the same definition?
To me, a shared cert is the one attached to an IP or a vhost. No matter which domain name you’re using, the web server will always present you that one cert that was assigned to that IP/Vhost.
In this example, the cert will only be valid for http://www.shared.domain.com or shared.domain.com
<VirtualHost IP:443 >
Is the plugin trying to load content using shared.domain.com while maintaining links with the proper URL?
In my tests, all the links were using otherdomain.com
Yes, the plugin uses the Shared SSL Host as a proxy. If your Shared SSL is issued through simply going to https://www.yoursite.com you don’t need this option.
Like I said, I’ve never used them so my terminology and such might be off, but I know this worked for one site, so there must be other sites that need this functionality.
Maybe I should change the wording if it is misleading?
Oh, maybe I see what you mean.
Let’s say I have http://domain.com, but I have a secure form on the site that I want to make accessible via SSL.
If my web host allows me to use a shared cert, then I would type it in the preferences and I would automatically be redirected to https://shared.webhost.com on that specific secure form page.
If I have my own cert, then I wouldn’t need this, it would automatically be used when going to https://domain.com
You got it. I’m actually asking the author of the test site I used if I can post his site as an example so that people can see it in action.
So, say you had something like a checkout page at http://www.example.com/checkout/, that you wanted to be secure, and your host provides a Shared SSL. You could simply enable this option, type in the shared ssl host (example: https://shared.webhost.com/example.com) and when someone hits http://www.example.com/checkout/ they will be redirected to https://shared.webhost.com/example.com/checkout/.
It also fixes images, stylesheets, scripts, etc. in the same fashion.
Hey, he finally gave me the OK to use his site as an example.
You can go to http://www.horizonte.com/en-german-courses/enrolment-for-a-german-course and you’ll see it redirect to https://ssl-account.com/horizonte.com/en-german-courses/enrolment-for-a-german-course. Redirects also work when going from HTTPS to HTTP.
Nice touch for people who can’t afford to get their own IP address or who want to have a secure page while their blog is hosted on a WP Network. 🙂
I’m also trying to use the Shared SSL option as I run a small club website
and we don’t really want to splash out on our own Cert; plus we’d need to upgrade our hosting to a fixed IP.
I would like to secure the login page only, just so that login credentials are not interceptable if a User logins via a dodgy network. Not too worried about the rest of the content.
To this end, I put a link on the site to the login page via our shared SSL host
But it appears default Worpress behaviour is to force all links and submits to the main domain
which of course breaks the SSL authentication.
So I thought your plugin with the Shared SSL option was just what I was looking for.
But this doesn’t seem to be happening i.e the Shared SSL host name is not being automatically prepended to URLS within the page
I’ve also enabled “Disable Automatic HTTPS”
Is this how the plugin is supposed to work and is it possible to do do what I’m trying to do ?
The plugin cannot do this in its current state, but it most certainly can with modifications.
I’ll work this into the next update, which I’m hoping to get out in the next few days. I’ll post in this topic when I push out the new version, and we’ll see if it works for you.
Thanks for downloading!
Ok thanks Mvied, I look forward to your mods.
But I’m still wondering how the horizonte site achieved the redirect on that specific page, as that seems to have the correct urls for the Shared SSL host ??
They also have normal non-https pages, so that method would probably work for me too.
Horizonte used the ‘Shared SSL’ option. In your cause, you would enable that option and type ‘https://delta.justhostme.co.uk/~mkivcorg/phoenix’ for your ‘Shared SSL Host’.
However, this will only work for forcing pages and posts to SSL, not necessarily login pages and such. That’s why I need to add some functionality to the plugin.
Thanks for your advice Mvied.
As it happens I’m now using the Admin-SSL plugin to do exactly what was required, w.r.t. Shared SSL.
- The topic ‘[Plugin: WordPress HTTPS] What is the purpose of the shared SSL option?’ is closed to new replies.