[nycphp-talk] dedicated subdomain for SSL ?
Chris Snyder
chsnyder at gmail.com
Mon Jun 8 13:49:30 EDT 2009
On Mon, Jun 8, 2009 at 1:34 PM, David Mintz<david at davidmintz.org> wrote:
> Ladies and gents,
>
> What's the latest greatest best practice for setting up an SSL-encrypted
> area of a site? Do we recommend creating a subdomain like ssl.example.org or
> secure.example.org, to emphasize to the users that they're accessing an
> SSL-secured site? Or is it not really necessary? Pros and cons?
>
That approach can minimize long-term costs -- funneling all secure
traffic through one subdomain means that you only need a single
commercially-signed certificate. That server can act as a reverse
proxy for other internal servers with self-signed certificates if
necessary.
More information about the talk
mailing list