Welcome to WebmasterWorld Guest from 54.227.110.209

Forum Moderators: brotherhood of lan & mack

Message Too Old, No Replies

SSL question

     

abrodski

5:08 pm on Sep 23, 2012 (gmt 0)

5+ Year Member



I have a website hosted on a regular hosting with my own IP and I purchased COMODO SSL for a year via my hosting provider. I have a primary domain and couple of add-on domains. Add-on domains are completely different domains residing in separate folders of my primary domain (kinda like sub-directories).

I don't really need SSL all that bad. I would probably use PayPal which has its own secured interface for credit card online transactions. BUT...what I do need is to be able to login securely into my Joomla backends where I enter my admin credentials. Obviously, SSL that I have is connected to my primary domain (hoster doesn't provide SSL for add-ons anyway). The good news is that I'm somehow being able to
use SSL on my add-ons' backends. I force SSL in Joomla configuration for a backend of Joomla and it seems to be working fine. The only thing is...browsers show me a warning messages that I simply ignore since I know what it's about. The warning is because the certificate was issued for a different domain (ie. my primary one only).

The question is...anyone can explain it and do you think SSL would work fine for ALL of the domains (one primary and 2 add-ons)?

not2easy

5:17 pm on Sep 23, 2012 (gmt 0)

WebmasterWorld Administrator 5+ Year Member Top Contributors Of The Month



It sounds like your shared hosting is set up for recursive permissions maybe?

Your visitors also see the warning, and most of them don't know what that's about. Visitors using "Online Protection" components of AV programs will see a more explicit warning from their AV program. It is not a good idea, bad user experience and no benefit to you or others. Just the first things that occur to me anyway.

abrodski

6:19 pm on Sep 23, 2012 (gmt 0)

5+ Year Member



What exactly is a recursive permission? I don't have a clue...

But no, you didn't get it! Totally opposite, actually!
I'm not silly to do that on a FRONT END of Joomla. I mean where the site's visitors will wander. I was referring to the BACK END where I enter my admin credentials to login. "Normal" visitors don't even know that URL to begin with.
Well, even if they knew...They wouldn't get an access cos' it's an IP address sensitive so to speak. They would get 403 error. And even if they can bypass that IP protection they still won't know the RIGHT URL. Because it's somewhat different from a regular Joomla www.mysite.com/administrator login back end URL. AND it's password-protected as well, even if I told them the correct URL to login. And then, of course, we have a regular Joomla back end login. So I guess someone has to be very persistent and knowledgable to see that warning.