WebFaction
Community site: login faq
3
1

Since all webfaction users have a default subdomain at [username].webfactional.com if the ssl available to all users was assigned to .webfactional.com instead of .webfaction.com (or in addition to), users could direct secure transactions through that subdomain and bypass the browser warnings of a mismatched certificate.

For those users who are not trying to run their entire site on ssl, but specific secure transactions, I imagine this to be a viable alternative to purchasing a dedicated IP and a certificate.

I am aware of the current methods to setup ssl, but I was wondering if there is there any possibility this can be added to webfaction's features in the future?

asked 27 Jun '11, 17:21

aishny
3313
accept rate: 0%

closed 25 Jan '16, 22:49

seanf
12.2k41836

The question has been closed for the following reason "The question is answered, right answer was accepted" by seanf 25 Jan '16, 22:49


No, sorry - that's not going to happen. By doing so, we would basically be vouching for the security and trustworthiness of every site running on a "webfactional.com" subdomain, and that's not something we can do.

If you need SSL with a certificate matching your domain, then your best option is to get a domain name, get a dedicated IP, and then either purchase a certificate from a provider, or get a free certificate from someone like StartSSL.

permanent link

answered 27 Jun '11, 17:32

seanf
12.2k41836
accept rate: 37%

I see, so the ssl setup is very intentional. It allows users to use certificate but through the warning alleviates any liability.

(27 Jun '11, 17:37) aishny

That's more or less it, yes.

And don't get me wrong, we'd love to be able to offer SSL without the need for dedicated IPs, but right now that's simply not feasible. There is a way to make it work - see Server Name Indication - but it's not well-supported on the client side, so it's not practical for most users.

(27 Jun '11, 17:45) seanf

We now support SNI on all servers, so if you want to run a HTTPS site using your certificate without a dedicated IP, you can do so. To do so:

  • Create your HTTPS site in the control panel.
  • Open a support ticket to have us install your certificate.

(We still don't have plans to add a shared *.webfactional.com certificate.)

(01 Dec '11, 12:59) seanf

Has this policy changed in the last four years, or is the answer still "no, we don't have plans to add a shared *.webfactional.com certificate"?

(30 Dec '15, 20:38) enfascination

The policy has not changed.

(30 Dec '15, 20:45) seanf
By doing so, we would basically be vouching for the security and trustworthiness of every site running on a "webfactional.com" subdomain

How so? All that an SSL certificate for *.webfactional.com would mean is that the host name that your browser is pointing to is the same as on the certificate information (in this case something.webfactional.com). Some kind of 'you're at the right address'.

I don't see how this equates to vouching for the security and trustworthiness of those sites. All you're basically vouching for is that it's hosted on webfaction (which it is), and that you're helping your customers use SSL to protect communication without giving a nasty unnecessary warning. This would prevent making webfaction (and your customers) look unprofessional by issuing a mis-matching certificate.

I thought that the choice for webfactional.com instead of webfaction.com was (at least in part) for this purpose. So that it's very clear this is not actually webfaction. An alternative solution would be to create a wildcard certificate for *.webfaction-customers.com or a completely unrelated domain name. I think many hosting providers are doing this.

If that was the case (vouching for the security/trustworthiness), then all those SSL providers, particularly instant/cheap ones, will instantly go out of business. How can they vouch for the security and trustworthiness of the websites they issue certificates for? All they do is check that they are the legitimate owners of the domain name.

permanent link

answered 27 Aug '11, 07:25

yoav_aner
113
accept rate: 0%

edited 27 Aug '11, 07:27

Any SSL certificate includes the name of the person or the company who bought that certificate and they are the ones vouching for the content of the website. If we bought an SSL certificate for *.webfactional.com then we would be vouching for any content under *.webfactional.com served by that SSL certificate.

(29 Aug '11, 04:35) remi

The same can be said for content under webfactional.com without an SSL certificate. You're the owners of the webfactional.com domain name, so any content under it you're vouching for to a lesser or greater extent. I don't think SSL makes it any different.

(29 Aug '11, 16:36) yoav_aner

I agree with yoav_aner here. If other hosts are able to provide shared SSL certs (with matching domain name) without being liable for all their users' content, then why not WebFaction?

(24 Sep '11, 02:07) dzv

Webfaction must be losing a lot of business due to this decision, if you want to develop a simple facebook app then a https domain is a requirement. Heroku & AppFog provide this ability so I don't understand why webfaction can't.

(04 Sep '12, 18:12) isis

Aggree. If it will be basic non-varified certificate WF will guarantee for nothing. It just enables us to to use encryption without scary warnings for some simple tools what do not needs their domain.

(15 Mar '15, 18:19) ibobik

I can't deny the logic in @yoav_aner 's comment. It would be nice to have SSL on the *.webfactional.com domain.

(25 Jan '16, 22:02) JoshS
showing 5 of 6 show 1 more comments

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×93
×76
×27

question asked: 27 Jun '11, 17:21

question was seen: 6,857 times

last updated: 25 Jan '16, 22:49

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM