1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

SSL question

Discussion in 'Security' started by abrodski, Sep 23, 2012.

  1. #1
    I have a website hosted on a regular hosting with my own IP and I purchased COMODO SSL for a year via my hosting provider. I have a primary domain and couple of add-on domains. Add-on domains are completely different domains residing in separate folders of my primary domain (kinda like sub-directories).
    SEMrush
    I don't really need SSL all that bad. I would probably use PayPal which has its own secured interface for credit card online transactions. BUT...what I do need is to be able to login securely into my Joomla backends where I enter my admin credentials. Obviously, SSL that I have is connected to my primary domain (hoster doesn't provide SSL for add-ons anyway). The good news is that I'm somehow being able to
    use SSL on my add-ons' backends. I force SSL in Joomla configuration for a backend of Joomla and it seems to be working fine. The only thing is...browsers show me a warning messages that I simply ignore since I know what it's about. The warning is because the certificate was issued for a different domain (ie. my primary one only).

    The question is...anyone can explain it and do you think SSL would work fine for ALL of the domains (one primary and 2 add-ons)?
     
    abrodski, Sep 23, 2012 IP
    SEMrush
  2. madaboutlinux

    madaboutlinux Member

    Messages:
    250
    Likes Received:
    7
    Best Answers:
    2
    Trophy Points:
    43
    #2
    No, let whatever you do, SSL will work without warning only on the domain the SSL is issued for. If it is used for a different URL, it will give user a warning message.

    The other option is to make the Joomla backend work on a sub-domain instead of on an add-on domain and install a wildcard SSL on the main domain so the SSL will work for all sub-domains too.
     
    madaboutlinux, Sep 24, 2012 IP
  3. abrodski

    abrodski Member

    Messages:
    56
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    41
    #3
    Thanks for your reply!
    No, wildcard SSL is expensive. As a matter of fact, just for a login I'm considering a FREE option of private self-signed cert.
    Would save me 50$ a year...
     
    abrodski, Sep 24, 2012 IP
  4. madaboutlinux

    madaboutlinux Member

    Messages:
    250
    Likes Received:
    7
    Best Answers:
    2
    Trophy Points:
    43
    #4
    Even the self-signed certificate will prompt a warning message.
     
    madaboutlinux, Sep 24, 2012 IP
  5. abrodski

    abrodski Member

    Messages:
    56
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    41
    #5
    A warning message doesn't scare me when I know the reason behind it.
     
    abrodski, Sep 24, 2012 IP
  6. madaboutlinux

    madaboutlinux Member

    Messages:
    250
    Likes Received:
    7
    Best Answers:
    2
    Trophy Points:
    43
    #6
    If you are the only one that is going to access that area, then that's fine but if your clients too are going to access it then it will definitely scare them :)
     
    madaboutlinux, Sep 25, 2012 IP
  7. AstoundingHost

    AstoundingHost Peon

    Messages:
    34
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #7
    I would suggest inputting your domain on SSL Hopper's SSL Checker (would post the link but I can't yet) and seeing what it comes up with.

    If all is clear; then I would suggest using Chrome's Inspect Element and going to the Console which will display what needs to be changed for SSL not to display warnings.
     
    AstoundingHost, Sep 30, 2012 IP
  8. Roger Pelt

    Roger Pelt Active Member

    Messages:
    121
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    53
    #8
    - Agree...

    Yes, if your clients are going to access log-in area and provide their personal information on your website; than you should secure your website with SSL issued by trusted CAs. Because clients usually don't know about the security warning but warning window while accessing your website can make them little-bit unsure to provide such info.
     
    Roger Pelt, Apr 2, 2013 IP