[surferboy]

I have an account with Bluehost and I have a registered domain name through Bluehost. But, I have some pages on my office server that I essentially want and need to host myself. However, I have a dynamic IP address. So, I am using DynDNS to create a static-like address.

Further, I need to use SSL to secure the transmission of information. But, my understanding is that one cannot use an SSL certificate with DynDNS. So, here is my question: can I create a subdomain on my bluehost account (www.subdomain.mydomain.com), point this to my dyndns address (www.myaccount.dyndns.org) and then use SSL successfully? If so, what would be my url: www.subdomain.mydomain.com or www.myaccount.dyndns.org?

Hope the question makes sense.

Thanks!

[besson3c]

If you can obtain an SSL certificate for your dyndns domain and host it in Apache, it will work, I think the issue is that the commercial SSL providers will not grant you an SSL certificate since you do not own this top level domain (TLD). Is a self-signed SSL certificate an option?

I'm not sure exactly what you are talking about as far as redirection goes, but if the common name listed in your SSL cert does not match the domain hosting the site, visitors will get browser alerts/errors. If accepting these browser alerts is an acceptable compromise for you, than it would be easier to simply create yourself a self-signed SSL cert.

[surferboy]

Creating my own self-signed cert. is not a terrible option, but my understanding is that browsers will produce a popup with warnings to the user.
This is a site where users will be submitting protected health information. So, I don't want people to feel insecure.

[besson3c]

Yes, but the bottom line is that the only way you can avoid generating those alerts is if your SSL common name matches your actual domain name, and the only way you can obtain an SSL certificate that matches your domain name from a commercial provider is to own that top level domain, which you don't.

[surferboy]

I'm still trying to grasp these concepts. I have no problem paying a CA for any of this- I just don't know the technical requirements associated with (1) making sure the communication is encrypted by SSL (2) doing this on my server (3) avoiding pop alerts to the user.

[besson3c]

You need a domain name that you own, and a DNS entry to point to it.

What I might suggest is a DNS entry for your domain that points to your dyndns domain name. Since your IP is dynamic you won't be able to set your IP as the nameserver for the domain, but you could look into a public DNS service that would be accessible via a static IP.

[surferboy]

I really do appreciate your help. I do own a domain name and I have nameservers that point to it. I think your suggestion is similar to my original thought: just use the domain that I currently own to point to the dyndns name.

One more thing: I also have no problem paying for a static IP address. I assume this would solve a lot of the problem?

[besson3c]

Originally Posted by surferboy 

I really do appreciate your help. I do own a domain name and I have nameservers that point to it. I think your suggestion is similar to my original thought: just use the domain that I currently own to point to the dyndns name.

One more thing: I also have no problem paying for a static IP address. I assume this would solve a lot of the problem?

It would give you a permanent and unchanging A record which would allow you to answer to your own DNS queries, so yes, that's what I would be working towards if what I suggesting sounds too complicated and messy for your tastes.

The other thing is that you'll need a static IP for IP based Apache Virtualhost declarations, and each SSL site needs to be on its own unique IP.