Re: SSL Forms Login for multiple sites

From: Geir Aamodt ("Geir)
Date: 02/21/05

Next message: Geir Aamodt: "Re: Controlling Page Access in .aspx page"
Previous message: Geir Aamodt: "Re: Secure and Non-Secure Items"
In reply to: JerryMorton233_at_mail.com: "SSL Forms Login for multiple sites"
Next in thread: JerryMorton233_at_mail.com: "Re: SSL Forms Login for multiple sites"
Reply: JerryMorton233_at_mail.com: "Re: SSL Forms Login for multiple sites"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 21 Feb 2005 19:17:24 +0100

Jerry,

the short answer: No.

As you are saying, the SSL certificate are tied to one domain and this is
done for security reasons. Otherwise, you could have certificates saying
that
"I am site Y", when the site in reality is site X.

What you could try to do (depending on your application/system) is to create
a
common login service which, after successful login, redirects the users to
the correct
domain.

This would of course require a new "logon.yourdomain.com" which would handle
this.

-- 
Best regards,
Geir Aamodt
geir.aamodt(AT)bekk.no
<JerryMorton233@mail.com> wrote in message 
news:1108813638.870391.7790@c13g2000cwb.googlegroups.com...
> Hi,
> SSL newbie would love some advice :-)
>
> I have a server that hosts several independant domains (using host
> headers to differentiate them). Each domain runs an independant copy of
> the same ASP.NET application - this app uses forms-based authentication
> and a proprietary XML file on each site to authenticate users/passwords
> (i.e. each site has it's own set of users).
>
> I would like to implement SSL around the forms login page for each
> site, to protect the login process only.
>
> Since SSL is tied to a domain, is there a way I avoid having to buy an
> SSL cert for EACH domain?
>
> Thanks for any help!
> Jerry
>

Next message: Geir Aamodt: "Re: Controlling Page Access in .aspx page"
Previous message: Geir Aamodt: "Re: Secure and Non-Secure Items"
In reply to: JerryMorton233_at_mail.com: "SSL Forms Login for multiple sites"
Next in thread: JerryMorton233_at_mail.com: "Re: SSL Forms Login for multiple sites"
Reply: JerryMorton233_at_mail.com: "Re: SSL Forms Login for multiple sites"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: SSL php code
... > Sean I am planning on exclusievely using secure pages (ssl) after the user requests to login. ... This will securely redirect to a login ...
(comp.lang.php)
Re: sendmail with smtp relay authentication
... LOGIN PLAIN')dnl ... the mail log and also attached the auto mail response I got. ... m31N0w2T002913: return to sender: User unknown ... 505 5.0.0 Message is sent with SSL but SSL is not allowed ...
(comp.mail.sendmail)
RE: Authorize.Net Plain Text Login Transmission
... service provider to find out personally whether or not they are vulnerable. ... Authorize.Net Plain Text Login Transmission ... > function as if you had gone to the correct SSL version of the page. ...
(Bugtraq)
Re: iis 6 ssl redirect initial login encrypted?
... Whilst the password isn't passed using either NTLM or Kerberos, it's not necessary for an attacker to know the password. ... another login box that uses https:// ... I just need to> get ssl ...
(microsoft.public.inetserver.iis.security)
Re: Google Secure Access
... >> email INCLUDING CLICKING ON THAT LITTLE SSL OPTION. ... Google then SENDS YOUR LOGIN DETAILS IN THE CLEAR TO YOUR ISP. ...
(sci.crypt)