[Show all top banners]

Mukurdhom
Replies to this thread:

More by Mukurdhom
What people are reading
Subscribers
Subscribers
[Total Subscribers 1]

malekhu2009
:: Subscribe
Back to: Computer/IT Refresh page to view new replies
 SSL Certificate help
[VIEWED 7032 TIMES]
SAVE! for ease of future access.
Posted on 07-17-12 10:30 AM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

Fellow Sajha friends
 
I am in the process of developing Facebook apps for client(s) that runs on iFrame. Since last October, Facebook requires a secure connection to run app. Not sure how to handle this situation as our entire clients website run on same server.  

This app will be used by only few clients. I did some Google about the SSL certificate types. Looks like multi-domain Certificate might work (Not sure though).  What kind of setup is required on Load balancer? And also I think I need to reconfigure the IIS on webserver to support secure request.  Please suggest.


There is a single website setup on IIS. Based on the URL requested, the code pulls the settings from the database and displays website. For example, if the request is domain1.com, the code will pull only setting for domain1 and displays the content on domain1.com. If the request URL is domain2.com, it pulls the setting only for domain2 and displays the content on domain2.com

domain1.com/ social/facebookapp

domain2.com/social/facebookapp

Any suggestions will be highly appreciated. 

Thank you


 

Last edited: 17-Jul-12 03:08 PM

 
Posted on 07-17-12 11:06 AM     [Snapshot: 29]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

@mukurdhom,

Load balancers typically have SSL termination capability, and can have wildcard certs configured directly on them.

If your LBs don't have SSL support, you can submit individual certificate requests to a CA (Certificate Authority) for each subdomain/server -- which may add management burden and possibly cost more, in comparison to adding SSL termination support to the LBs.

Since your infrastructure already has a load balancer, I'd look into applying an wildcard cert, and call it a day!

Not sure what LB product your firm uses, the concept and process outlined below are pretty standard across the board:
 
http://support.f5.com/kb/en-us/solutions/public/6000/800/sol6823.html

Hope this helps!

~@~


Last edited: 17-Jul-12 11:13 AM

 
Posted on 07-19-12 1:02 PM     [Snapshot: 164]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

@ Mukurdhom ,
   
      Since your diagram shows domain1 , domain2 etc.. , wild card certificate would not work , however multi-domain ssl certificate would work. Or in another case, you would have to get SSL Cert for individual domain and since they seem to be hosted on the same webservers , you would have to use multiple IPs on the web servers for each website. It's a little more complicated to support different SSL Certificates on the same IP.

Thanks
Nishant

 
Posted on 07-19-12 3:54 PM     [Snapshot: 210]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

If those are separate domains -- then wildcard cert is indeed not the solution. 

My impression, from "There is a single website setup on IIS.." is that there's a single domain (with multiple subdomains) associated with the site.

If there's a way to get the client(s) trust self-signed certs, you could establish your own certificate authority, and generate certificates. It's mostly feasible in a proxy'd environment, as you only need to make the proxy trust that cert, and have the trust inherit down to the browsers.   

~@~

 
Posted on 07-19-12 6:36 PM     [Snapshot: 260]     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

 I don't know so much about how it is done through load balancers but you can give a try to the following:
1. Install the certificates to the "Local Computer".
2. Import the certificates to the IIS.
3. Assign www.domain1.com certificate to the www.domain1.com website.
4. Require IIS to have secure connection.

If you tell me the OS and IIS version, i might be able to give a more detailed response.
The load balancers have a lot of capabilities. This might be also done easily from the load balancer.

 


Please Log in! to be able to reply! If you don't have a login, please register here.

YOU CAN ALSO



IN ORDER TO POST!




Within last 200 days
Recommended Popular Threads Controvertial Threads
TPS Re-registration case still pending ..
ChatSansar.com Naya Nepal Chat
Toilet paper or water?
TPS EAD auto extended to June 2025 or just TPS?
Biden out, Trump next president, so what’s gonna happen to TPS, termination?
and it begins - on Day 1 Trump will begin operations to deport millions of undocumented immigrants
Tourist Visa - Seeking Suggestions and Guidance
From Trump “I will revoke TPS, and deport them back to their country.”
I hope all the fake Nepali refugee get deported
Anybody gotten the TPS EAD extension alert notice (i797) thing? online or via post?
advanced parole
TPS Renewal Reregistration
Sajha Poll: Who is your favorite Nepali actress?
Biden said he will issue new Employment visa for someone with college degree and job offers
Why Americans reverse park?
Nepali Passport Renew
Driver license help ASAP sathiharu
They are openly permitting undocumented immigrants to participate in federal elections in Arizona now.
ढ्याउ गर्दा दसैँको खसी गनाउच
To Sajha admin
NOTE: The opinions here represent the opinions of the individual posters, and not of Sajha.com. It is not possible for sajha.com to monitor all the postings, since sajha.com merely seeks to provide a cyber location for discussing ideas and concerns related to Nepal and the Nepalis. Please send an email to admin@sajha.com using a valid email address if you want any posting to be considered for deletion. Your request will be handled on a one to one basis. Sajha.com is a service please don't abuse it. - Thanks.

Sajha.com Privacy Policy

Like us in Facebook!

↑ Back to Top
free counters