School me on SSL please?

Discussion in 'Networking, Telephony & Internet' started by vladtepes, Jun 22, 2018.

  1. vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    2,775
    Location:
    Brisbane, Qld
    Anyone have any links which I can learn more about this?

    Would I need an SSL certificate for each domain I have, or just one certificate each site?

    How much are they? One off or ongoing? (Not overly keen on how the 'free' ones seem to operate)

    Thanks peeps. :)
     
  2. gav1ski

    gav1ski Member

    Joined:
    Aug 9, 2001
    Messages:
    141
    Location:
    Sydney
    Depends on you site structure and how many you have.

    If you have 1 domain and the sites are all sub domains (site1.mydomain.com, site2.mydomain.com, etc) then a wild card certificate is your friend.
    If you have separate domains for each site with now sub domains then a certificate for each site is needed.

    [Edit]
    Forgot to add, if your sites are on the same web server you may need separate IP addresses for each unique domain depending on your web server and network configuration.

    Price can vary by a large amount depending on where you get them, how long that they last and what level of security you get. Personally I use Comodo wild card certs (standard ones) as that suites what I need. It's an ongoing code every few years to keep them valid.

    Please remember that a SSL certificate is not an everything is now secure step as the quality of the secure connection also relies on the web server configuration (have a look at SSL Labs https://www.ssllabs.com/ssltest/ as see the difference between Google and Facebook).

    Hope this helps a bit.
     
    vladtepes likes this.
  3. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    42,799
    Location:
    Brisbane
    Until the wildcard key gets emailed plain text, compromised, and then you're proper fucked.
     
  4. gav1ski

    gav1ski Member

    Joined:
    Aug 9, 2001
    Messages:
    141
    Location:
    Sydney
    Yep, :) though in that case every cert gets fucked. That is really the other part you need, how to replace them all quickly if something like this happens.
     
  5. OP
    OP
    vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    2,775
    Location:
    Brisbane, Qld
    Thank you.

    I have domain name A points to site A. That was a domain name A/piwigo and a domainname A/nextcloud and domain name A/wp
    domain name 2A,3A,4A,5A,6A,7A also redirect to site A

    Domain name B points to site B this has domainname B/wp and domainname B/forum

    Domain name C points to site C (just wordpress)
     
  6. waltermitty

    waltermitty Member

    Joined:
    Feb 19, 2016
    Messages:
    1,440
    Location:
    BRISBANE
    Just use letsencrypt
     
  7. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    42,799
    Location:
    Brisbane
    Whilst I agree, this may as well be Swahili to someone who doesn't understand the basics of SSL/TLS.
     
  8. OP
    OP
    vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    2,775
    Location:
    Brisbane, Qld
    hehe yep that'd be me alright ! :)
     
  9. m0n4g3

    m0n4g3 Member

    Joined:
    Aug 5, 2009
    Messages:
    3,701
    Location:
    Perth, WA
    http://bfy.tw/4rXw

    once you have a handle on that.... as you seems to be confusing yourself.

    SSL is used to secure the domain.... the virtual directories themselves..... are irrelevant.

    http://bfy.tw/19EC

    You can use wildcard certs to secure xxx.domain.com. Each domain as in xxx.domain.com xxx.google.com xxx.abc.com will need it's own cert if you are using wildcard certs.
     
    vladtepes likes this.
  10. OP
    OP
    vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    2,775
    Location:
    Brisbane, Qld
    OK so my host tells me that I have free SSL certificates (via Comodo) installed on my sites.

    Now I just have to figure out how to make it all work so I can https them !
     
  11. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    5,997
    Location:
    NSW
    Which likely means you paid for it and will keep paying for it. Maybe this first time use the comodo certs seeing as you are unlikely to get a refund, but learn how to use letsencrypt for next time so you can save some $$$
     
  12. OP
    OP
    vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    2,775
    Location:
    Brisbane, Qld
    Well apparently it is provided 'free' as an ongoing thing by my host (so obviously included in the modest cost I pay).

    In any event now to figure out how to make it all work :)
     
  13. gords

    gords Oh deer!

    Joined:
    Aug 3, 2001
    Messages:
    6,645
    Location:
    Sydney, Australia
    What host are you with? My web host, which also provides free Comodo certs, makes it less than easy to locate where the free certs can be enabled.
     
  14. OP
    OP
    vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    2,775
    Location:
    Brisbane, Qld
    NetVirtue. They have been really good with helping out in the past. I'll just have to have a bit of a fiddle when I get some time and see what I can discover.

    I have a question - if SSL cert is activated and site accessed via https = scure.

    Can the site still be accessed via http ? or will http automatically redirect or ...?

    Obviously don't want to lock out my users.
     
  15. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    5,997
    Location:
    NSW
    Normally you enable http --> HTTPS redirect somewhere on the console. otherwise google will red flag your site and you don't want that.
     
  16. m0n4g3

    m0n4g3 Member

    Joined:
    Aug 5, 2009
    Messages:
    3,701
    Location:
    Perth, WA
    http>https redirect needs to be enabled on the webserver software, whether that's apache/iis/etc
     
    vladtepes likes this.
  17. OP
    OP
    vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    2,775
    Location:
    Brisbane, Qld
    bcann hehe no I don't want that ! :)

    Thank you both.
     
  18. ir0nhide

    ir0nhide Member

    Joined:
    Oct 24, 2003
    Messages:
    4,508
    Location:
    Adelaide
    Should be able to set it up on CPanel etc, netvirtue should be able to help.
     
    vladtepes likes this.
  19. OP
    OP
    vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    2,775
    Location:
    Brisbane, Qld
    Thank you.
     
  20. Grant_DXM

    Grant_DXM New Member

    Joined:
    Jun 28, 2018
    Messages:
    5
    vladtepes likes this.

Share This Page

Advertisement: