SSL Admin - Multiple Domains

[trent]

I have several mapped domains on my install and they were done through creating a new site id, changing the original blog to the new site id and then bringing over the meta data for each domain.   This seems like the only way people have mapped domains and frankly that is what the multi-site plugin does as well.

Has anyone thought about getting the backend to keep the original URL of the main WPMU domain much like what wp.com does?    Normally, it wouldn't matter since the logins work regardless, but I am thinking about SSL on the admin area and I don't really know what will happen.   Let me ask these questions:

1) If you use either of the 2 known SSL plugins for securing the wp-admin, will this work for all variations of the admin URL with domain.com/wp-admin/ working as well as blog1.domain.com/wp-admin/ ?

2) Assuming that is correct with number 1, what about the current method mapped domains since they are actually domain2.com/wp-admin/ and domain3.com/wp-admin/ working on the obvious same IP address with SSL.    I don't think they will work will they?   If not, does that mean adding SSL will just break the admin for the mapped domains?

Just wondering if any of you have thought about it and what your opinions are.   SSL would be a nice addition for me, but I don't really want to screw up the mapped domains.   As well, I don't really want to have to get a certificate for every single domain and even if I would entertain that, since they are on the same IP how would you get the certificate to work since each domain requires a unique IP for SSL to work anyways?   Is that correct?

Trent

[Luke]

Honestly, SSL is overkill and not needed unless you're passing sensitive data between the user and the server. Typically, MU doesn't. Some may argue that the users password is sensitive, but honestly, what is it protecting? Nothing much, really. Certainly nothing that's truly sensitive.

For what you're asking about, if you don't have a dedicated server, you're out of luck overall.

Yes, each SSL certificate needs it's own IP.

You would have to get a wildcard certificate for any domain which has subdomains, and they aren't exactly cheap.

Also, a wildcard ssl cert will not cover anything without a subdomain. So domain.com isn't covered, while sub.domain.com is.

So for a single domain, you would need two certificates, and two IP's.

Which, gets into setup issues, and unless you have a dedicated server, you're not going to pull it off.

[drmike]

I noticed that wp.com moved back to using SSL.  This time just for the login process.  You're dropped back to regular http for the backend.

[trent]

Found out this was much easier than I thought.   Still working on the domain mapping onto the subdomains, but the ssl was easy enough with the wildcard ssl.    Did some looking around and found plugins that were easy enough to force ssl on login and the admin area if needed.   

Trent

[drmike]

If I may ask, which plugin did you wind up using?  I remember a couple rather lengthly discussions over on the mu forums about getting some of them to work and folks having problems with them.

May be good to note which one worked.

[trent]

Without restating everything, I put a little write-up about it on my blog, but I am using the one from Haris.tv myself as I am not sure if they have changed the one they used on wordpress.com or not to work with php5.    It also works with both private and shared certs even though I am private.

Trent


Mod: corrected link format

[drmike]

Thank you for the response.  I've been debating on something like this for other platforms besides mu on our boxes.  24 box wide SSL licenses is a bit much though.

[trent]

Just an update that I also tested out Secure-Admin (Ryan's Plugin) and it failed for me on php5.    The only one that works is the one by Haris.tv for me.   My issue is that because of the cookie being secure now, super cache fails knowing that you are logged in.    There was an .htaccess hack for this in the wordpress.org forums, but it never worked for me.   I guess just using wp-cache and object cache will have to do

[drmike]

Is the issue that you have with the Harris plugin or with Ryan's?  I'm not totally sure from reading your post.

[trent]

With Ryan's version.  Sorry about that.   It doesn't play well with php5 and gives me an infinite redirect on the admin area even though the login works.    Haris.tv is the one that works 100% for me.

Trent