Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SSL, what is "allowed?

Posted on 2011-03-10
2
Medium Priority
?
224 Views
Last Modified: 2012-05-11
So,

I have a main domain, ex. domain.com
And a subdomain, ex. secure.domain.com

I plan to add SSL to secure.domain.com

The frontpage of the subdomain will use the same layout and styling as the main domain (domain.com) and I would like to use the same css files as the main domain. The rest of the subdomain will use a seperate/new layout, so thats no problem.

The problem is, someone told me that all files in include (images, css, files outside public_html etc... everything), needs to be placed within the subdomain (for SSL). Is this true? Do I have to copy all my css, images and other files from my main domain to my subdomain?
0
Comment
Question by:kgp43
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Expert Comment

by:Michael701
ID: 35101776
What I've done in the past is to place the secure scripts (php) in a folder under the host root. So the url would be https://www.mysite.com/secure/login.php. You can then make sure that when a script is run it's under the HTTPS:// url

This way the entire site can be viewed under the ssl.

This gets away from the warning messages when accessing files outside of the SSL domain.
0
 
LVL 30

Accepted Solution

by:
Brad Howe earned 2000 total points
ID: 35101815
Hi,

CSS, Images and other files should use a relative path in the first place like ..\file.gif or ..\..\image.png. With that said, Anything that is posted in a browser under https (is secure and encrypted).

Now, the domain you want to secure is secure.domain.com. Assuming you are creating a brand new virtual host setup in your httpd.conf and simply creating virtual paths to your css/images, it will be secure.

Remember it is the site that is secure and everything under it. If the virtual host is only listening on port 443, then everything under it - not matter where the content is stored, is secure and served under SSL.

Cheers,
Hades666
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This article discusses how to implement server side field validation and display customized error messages to the client.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question