Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Developer Center > SSL Question

SSL Question
Thread Tools
surferboy
Mac Enthusiast
Join Date: Jul 2003
Status: Offline
Reply With Quote
Feb 9, 2008, 09:58 PM
 
I have an account with Bluehost and I have a registered domain name through Bluehost. But, I have some pages on my office server that I essentially want and need to host myself. However, I have a dynamic IP address. So, I am using DynDNS to create a static-like address.

Further, I need to use SSL to secure the transmission of information. But, my understanding is that one cannot use an SSL certificate with DynDNS. So, here is my question: can I create a subdomain on my bluehost account (www.subdomain.mydomain.com), point this to my dyndns address (www.myaccount.dyndns.org) and then use SSL successfully? If so, what would be my url: www.subdomain.mydomain.com or www.myaccount.dyndns.org?

Hope the question makes sense.

Thanks!
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Feb 9, 2008, 10:29 PM
 
If you can obtain an SSL certificate for your dyndns domain and host it in Apache, it will work, I think the issue is that the commercial SSL providers will not grant you an SSL certificate since you do not own this top level domain (TLD). Is a self-signed SSL certificate an option?

I'm not sure exactly what you are talking about as far as redirection goes, but if the common name listed in your SSL cert does not match the domain hosting the site, visitors will get browser alerts/errors. If accepting these browser alerts is an acceptable compromise for you, than it would be easier to simply create yourself a self-signed SSL cert.
     
surferboy  (op)
Mac Enthusiast
Join Date: Jul 2003
Status: Offline
Reply With Quote
Feb 10, 2008, 12:19 AM
 
Creating my own self-signed cert. is not a terrible option, but my understanding is that browsers will produce a popup with warnings to the user.
This is a site where users will be submitting protected health information. So, I don't want people to feel insecure.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Feb 10, 2008, 12:53 AM
 
Yes, but the bottom line is that the only way you can avoid generating those alerts is if your SSL common name matches your actual domain name, and the only way you can obtain an SSL certificate that matches your domain name from a commercial provider is to own that top level domain, which you don't.
     
surferboy  (op)
Mac Enthusiast
Join Date: Jul 2003
Status: Offline
Reply With Quote
Feb 10, 2008, 01:08 AM
 
I'm still trying to grasp these concepts. I have no problem paying a CA for any of this- I just don't know the technical requirements associated with (1) making sure the communication is encrypted by SSL (2) doing this on my server (3) avoiding pop alerts to the user.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Feb 10, 2008, 01:14 AM
 
You need a domain name that you own, and a DNS entry to point to it.

What I might suggest is a DNS entry for your domain that points to your dyndns domain name. Since your IP is dynamic you won't be able to set your IP as the nameserver for the domain, but you could look into a public DNS service that would be accessible via a static IP.
     
surferboy  (op)
Mac Enthusiast
Join Date: Jul 2003
Status: Offline
Reply With Quote
Feb 10, 2008, 01:23 AM
 
I really do appreciate your help. I do own a domain name and I have nameservers that point to it. I think your suggestion is similar to my original thought: just use the domain that I currently own to point to the dyndns name.

One more thing: I also have no problem paying for a static IP address. I assume this would solve a lot of the problem?
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Feb 10, 2008, 04:08 PM
 
Originally Posted by surferboy View Post
I really do appreciate your help. I do own a domain name and I have nameservers that point to it. I think your suggestion is similar to my original thought: just use the domain that I currently own to point to the dyndns name.

One more thing: I also have no problem paying for a static IP address. I assume this would solve a lot of the problem?
It would give you a permanent and unchanging A record which would allow you to answer to your own DNS queries, so yes, that's what I would be working towards if what I suggesting sounds too complicated and messy for your tastes.

The other thing is that you'll need a static IP for IP based Apache Virtualhost declarations, and each SSL site needs to be on its own unique IP.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 08:50 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,