Re: [IUG] purchasing ssl certificates help please

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Date: Mon, 15 Oct 2007 10:48:44 -0400
From: Bob Duncan <duncanr at lafayette dot edu>
Subject: Re: [IUG] purchasing ssl certificates help please

At 01:09 PM 10/11/2007, Christine wrote:

Can anyone tell me please whether we need to buy the more expensive
wildcard ssl certificate (*.unicat.bangor.ac.uk)?

We are about to purchase a certificate for the secure browsing in 'The
New ISI Web of Knowledge, v.4' which is accessed via WAM.

We are also probably be needing a certificate for Ecommerce.

Will one ordinary certificate do for both?

Certificates are issued for a host; if you try to establish a secure connection to a host and the cert doesn't match the host, you get an error/warning dialog. So assuming Ecommerce and WAM both look to unicat.bangor.ac.uk, a single cert issued for unicat.bangor.ac.uk would suffice for secure access to Ecommerce and WAM functionality.

The problem with WAM and certs comes when the site being proxied uses https, in which case you get a rewritten URL that uses https instead of http, and there's no cert for the rewritten hostname.

Example. You have a proxied link to WoK that looks like this:
http://0-isiknowledge.com.unicat.bangor.ac.uk/

When a cert is installed, this will redirect to:
https://unicat.bangor.ac.uk/validate/http%3A%2F%2F0-isiknowledge.com.unicat.bangor.ac.uk%3A80%2F

...which works. But once you're in WoK, if WoK throws a secure page at you, you'll get something along the lines of:

https://0-isiknowledge.com.unicat.bangor.ac.uk/

...which will cough up an error/warning, because no cert has been issued to 0-isiknowledge.com.unicat.bangor.ac.uk/. You can usually just dismiss the warning, but it can throw users off a bit.

A wildcard certificate issued to *.unicat.bangor.ac.uk should take care of that because the 0-isiknowledge.com. part of the "host" will be covered.

Note that I have no direct experience with wildcard certificates; we just installed a regular cert and the above is based on my experience and understanding of what's afoot. Corrections of misunderstandings welcome.

Also---the "secure browsing" in Web of Knowledge will only apply to personalization features within the platform; normal use of the database will not be affected.

Bob Duncan

~!~!~!~!~!~!~!~!~!~!~!~!~
Robert E. Duncan
Systems Librarian
Editor of IT Communications
Lafayette College
Easton, PA 18042
duncanr at lafayette dot edu
http://www.library.lafayette.edu/

Follow-Ups:
- Re: [IUG] purchasing ssl certificates help please
  - From: Jones,Christine Mary

References:
- [IUG] purchasing ssl certificates help please
  - From: Jones,Christine Mary

Prev by Date: [IUG] INNOPAC Digest, Vol 46, Issue 22
Next by Date: [IUG] Archiving order records
Previous by thread: [IUG] purchasing ssl certificates help please
Next by thread: Re: [IUG] purchasing ssl certificates help please
Index(es):
- Date
- Thread