Mobile app version of vmapp.org
Login or Join
Moriarity557

: 2 SSL certificates? I just spend ages moving all static content to a cookiless domain to help performance, it seems to work great! It got me thinking though, when I install SSL on my main

@Moriarity557

Posted in: #Https

I just spend ages moving all static content to a cookiless domain to help performance, it seems to work great! It got me thinking though, when I install SSL on my main site, am I also going to have to buy SSL on my cookieless domain to stop warning messages?

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Moriarity557

2 Comments

Sorted by latest first Latest Oldest Best

 

@Welton855

Well done for properly setting up your content so that cookies are not round-tripping for every small image, css and js file!

As for your httpd:// complication...

You can get around this by problem by serving all of the traffic from the one IP address, including the static content. So long as that is login, customer account area, checkout or other areas where you really need then that should not be too much stuff.

The tools you will need to effect this are in your httpd.conf files - all three of them...

If you are using .htaccess you can move all of that into your httpd.conf (which again improves performance, albeit not necessarily noticeably so). In that way you can have in effect two separate 'htaccess' ways to serve your content.

I take it that your /js /images and other static content is not on a different box? Without explaining what you changed to effect your setup, it is hard to suggest a complete solution but I think you should be able to get to work off the one domain given what you have achieved already.

As for just bunging another SSL on there, the two SSLs on one IP is a bit of a myth:
wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
If you go for two certificates on one IP then your IE6 users might get a rough deal, it will work for all the other browsers though.

10% popularity Vote Up Vote Down


 

@Kristi941

Yes. There are two ways you can do this:


Get two SSL certificates: one for the main domain and one for the cookieless domain. This is the cheaper way to do this but also requires maintaining two SSL certificates.
Get a wildcard SSL certificate and use it for the main domain and cookieless subdomain. (Obviously your static content needs to be on a subdomain of the main website). This is more expensive but only requires maintaining one SSL certificate and allows for future subdomains to also be secure.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme