Delay on Store Relaunch

Due to technical problems with our server, it is looking likely that our miniatures store will not be opening today as planned. The relaunch will now probably be Tuesday. Sorry for the inconvenience.

For those of a technical nature who wish to revel in my folly, the problem lies in the SSL server. This is used to communicate with the Google Checkout and confirm that sales have gone through. I had successfully set this up before on my Tintin site and expected it to be easy.

It turns out that Debian / Apache2 only supports a single SSL domain per IP address. As my Tintin site runs off the same server as 6d6 Fireball, this is a problem. There are workarounds but in the process of installing them, I somehow managed to delete my SSL key. This means purchasing the certificate again (a process that takes about 24 hours) and then fixing the IP address problem (probably a day’s work). I might get lucky and have things done sooner but Tuesday seems more likely.

4 comments

  1. I’m pretty sure that the 1 SSL site per IP is irrespective of Apache2 / Debian. I think it’s just due to the underlying nature of SSL connections. They come in on port 443 with everything encrypted, including the headers. So, the server needs to decrypt the whole thing first before knowing what to do with it. Therefore, it necessitates a 1-to-1 mapping between port 443 and an SSL certificate.

    I guess if you’re a real masochist, you could hack Apache and have it try multiple certificates in some kind of order, but there’s probably a horrible security hole in there somewhere.

    Also, are you sure you can use the same certificate for both tintin and this site? The cheap (i.e. < $1k / yr) certificates are keyed to a particular domain/subdomain and will vomit all kinds of warnings if they’re used anywhere else.

  2. Ah, I’ve never heard of SNI before. That’s pretty cool. Still, I definitely wouldn’t use it yet. Take a look at the browser support. No IE6, and IE7 only on Vista. That cuts out a pretty huge chunk of people 🙁

    It’s one thing to say “we don’t support XXX”, but when those people are trying to give you money, that’s a whole different ballgame.

  3. Micah – As I’m only using it to communicate between my system and the Google Checkout, browser support is not an issue.

    Having thought about the problem, I’m trying using a third domain to act as a common SSL server for my merchant sites. Don’t know if it works yet (waiting for my SSL certificates to be processed) but it looks promising.
