Okay, got a SSL certificate now, found out I can only have one HTTPS named
virtual server which is a sh*t.

Now anyone tell me how to make Apache force/only use HTTPS for shtml file
serving and not allow HTTP to access .shtml files ?

Many tanks in advance,

Aaron

Post removed (X-No-Archive: yes)

"Davide Bianchi" <davideyeahsure [at] onlyforfun.net> wrote in message
news:slrnfncfq5.37f.davideyeahsure [at] fogg.onlyforfun.net...
> On 2007-12-29, Aaron Gray <ang.usenet [at] gmail.com> wrote:
>> Okay, got a SSL certificate now, found out I can only have one HTTPS
>> named
>> virtual server which is a sh*t.
>
> Incorrect, you can have as many as you want, but all of them will use
> the same certificate. That's inherent in the way HTTPS works.

So the certificate provider should be ble to provide me with a SSL
certificate that will work for multiple domains ?

>> Now anyone tell me how to make Apache force/only use HTTPS for shtml file
>> serving and not allow HTTP to access .shtml files ?
>
> Use a <filematch > block to disallow access in the http vhost and/or
> use a Rewrite rule or Redirect to redirect to https.
>
> Something like
>
> <FilesMatch ".*\.shtml$">
> Order allow,deny
> Deny from all
> </FilesMatch>
>
> RewriteCond %{REQUEST_URI} .*\.shtml$
> RewriteRule ^/(.*)$ https://..../$1

I will have to decypher this, its a bit cryptic.

Thanks,

Aaron

Post removed (X-No-Archive: yes)

"Davide Bianchi" <davideyeahsure [at] onlyforfun.net> wrote in message
news:slrnfneivf.356.davideyeahsure [at] fogg.onlyforfun.net...
> On 2007-12-29, Aaron Gray <ang.usenet [at] gmail.com> wrote:
>>> Incorrect, you can have as many as you want, but all of them will use
>>> the same certificate. That's inherent in the way HTTPS works.
>>
>> So the certificate provider should be ble to provide me with a SSL
>> certificate that will work for multiple domains ?
>
> You can have a certificate for the domain (*.domain.com), but it will
> cost you a fortune and the browsers will still complains that
> "the certificate belongs to a different server" (or similar, don't
> remember the real error message), if that doesn't bother you, it's ok.
> It all depends on what you want, if you want encryption, it's fine.

Thats called a wildcard certificate.

There are MDC (Multiple Domain Certificates). These are both availiable from
:-

http://www.positivessl.com

Aaron