Multi NT Application Deployment with SSL

[Rob Kolanko]

Say I build a number of NetTalk server applications that customers wishes to deploy on the same server.  Also the customers expect that the user would be able to be accessed  two or more applications using the same browser at the same time.  I believe that this is possible, if the application where incorporated into the  NetTalk Multi-Site Host system.

However  some customers also wishes to serve SSL pages,  my understanding is that  the Multi-Site Host system will not work with SSL. Is it possible to have separate NetTalk server applications that use different IP port numbers, and share the same SSL certificates on the same? Even if they could share certificates, the NetTalk server applications would share the same Session ID cookie and thus the user would not be able to run the different applications on the same browser, but is it possible? 

Therefore my conclusion is that it is impossible to deploy more than one independent NetTalk server application on the same server, if the applications use SSL. Am I missing something?

Thanks
Rob

[bshields]

Hi Rob,

Given that cookies are not unique across ports (RFC2965 3.3.1). If more than one application is accessed on the same browser the cookies will conflict (if the only difference is the port). So using Ports wont fix it.

You can use IP addresses and that will work. Bind each Nettalk server to an internal IP (Give your server box as many internal IPs as necessary). You can then use the same number of external IPs (if you have them) or get your router to make various ports on your external IP map to the appropriate IP/port on your internal system.

Your SSL certificate will need the ability to support more than one domain name (eg. wildcard Certificate or one that supports a number of domains eg. *.mydomain.com).

That will work.

Regards
Bill

[kevin plummer]

I think Bruce is looking to add something into NT7 (if possible) to help differentiate between the same app running on multiple tabs which might also overcome your problem. There was a post on this NG a month or so ago.

[Bruce]

Hi Rob,

while cookies don't include the port number, they do include the host name (ie the site part of the URL). So you could run multiple applications using a different host name. For example;

clarion.capesoft.com:88
forums.capesoft.com:89
www.capesoft.com:90
and so on, all point to the same machine - but to different exe's on the same machine, and each would have unique cookie.
(of course if you used fixed certificates, this would also need 3 different certificates.)

You can get a wildcard certificate, eg *.capesoft.com in this case, which means you can host multiple sub-domains on SSL on the same machine using multi-host. that's the route I would recommend.

Kevin - actually in this case it wouldn't help because the problem is reversed - he's not looking for multiple sessions, but distinct sessions across one domain.

cheers
Bruce

[Rob Kolanko]

Bruce,
Would a wildcard certificate allow the Multi-Site Host system to work with SSL?
Rob

[Bruce]

yes, for subdomains. eg
the wildcard for
*.capesoft.com
allows us to have one multi-host running
downloads.capesoft.com
forums.capesoft.com
and so on.
it would not allow the host though to support
www.capefox.com

cheers
Bruce

[kevin plummer]

Bruce are they running SSL?

[Bruce]

no, I'm not saying we _have_ done it, I'm saying we _could_ do it.
(I think we've actually done it with our CapeFox site, but I wouldn't swear to that...)

cheers
Bruce