SSLGate is a gateway program that runs under Windows-NT. It presents a single
target for all shared certificate accounts. SSLGate converts all secure SSL
requests to standard HTTP requests and routes them to the user-specified
directory of ANY server/domain. With SSLGate, a fully functional shared
certificate account can be created/removed in seconds.
SSLGate allows for maximal flexibility of shared site SSL certificates. With
SSLGate, each virtual site can enjoy the same capabilities with shared
certificates as owners of dedicated site certificates. HTTPS requests can
be converted to HTTP and routed to any virtual site on any computer within
the web hosting service's network. SSLGate uses standard X509 certificates
in the same format as Apache. It can, therefore, use certificates made by
any private certificate authority (using openssl) or trusted authorities
(Verisign, Thawte).
The limitations of IIS certificate sharing
The options available for certificate sharing on multi-site IIS installations
are very limited. In the usual configuration, directories within the certificate
owning domain are mapped to directories within other virtual sites, often
on a different computer. This is a huge configuration 'headache' requiring
careful attention to security and permissions. The owner of the virtual site
is left with a highly restricted environment in which applications run in
a separate execution context from other applications within his site. This
significantly reduces, or even eliminates, certain options. ASPX, in particular,
cannot be run from the resulting 'shared cert' directories. Many hosting
services simply don't offer shared certificate options to their web hosting
packages under IIS.
Overall, offering a shared certificate option means the web service provider
must devote a great deal of time/resources to the creation and maintenance
of the virtual sites that use them. The provider is faced with a different
set of operational procedures depending on the server platform involved (Unix
or NT). Further, the provider is often faced with complete physical relocation
of all files in a site when the owner of a virtual site decides to change
his options.
SSLGate: one simple procedure for all platforms
With SSLGate, one simple procedure is used regardless of the target platform.
Each virtual web site owner creates an arbitrarily named directory off his
root directory ('ssl' is a popular choice). HTTPS requests are converted
by the gateway to standard HTTP requests, and relayed to the web server.
All transactions between users and SSLGate, which travel across the open
internet, are encrypted using the industry-standard algorithms used by all
standard browsers. SSLGate translates this conversation to standard HTTP,
and relays it to the target server within the web service provider's network.
The flexibility of SSLGate can even be extended to Unix/Linux based sites.
Many hosting services require a separate account, on a separate machine,
to provide a shared certificate option. SSLGate, running on NT/Win2k/XP,
can deliver the same shared certificate options to these Unix/Linux based
virtual-sites as it does for the IIS sites.
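
The routing step described above, sketched as an added example (not SSLGate's own code): a request on the shared-certificate host is mapped to the owner's directory on an internal server and must never escape that directory. Assumed here, not taken from the product: the URL layout /<account>/<rest>, the ACCOUNTS table with its host names, the route() and RouteError names, and the X-Forwarded-Proto header, a common convention for telling the backend the client connection was HTTPS.

```python
from urllib.parse import quote, unquote, urlsplit

# Constructed sample table: account -> (internal web server, owner-chosen directory).
ACCOUNTS = {
    "alice": ("iis01.hosting.internal", "ssl"),           # IIS virtual site
    "bob": ("linux07.hosting.internal:8080", "secure"),   # Unix/Linux virtual site
}


class RouteError(ValueError):
    """The request cannot be mapped inside an account's directory."""


def route(request_target, accounts=ACCOUNTS):
    """Map '/<account>/<rest>?<query>' to (backend HTTP URL, extra headers)."""
    parts = urlsplit(request_target)
    if parts.scheme or parts.netloc:
        raise RouteError("absolute or network-path target not allowed")
    path = unquote(parts.path)
    # A backslash, NUL or leftover '%' (double encoding) could be read
    # differently by the backend than by this gateway, so refuse them.
    if not path.startswith("/") or any(c in path for c in "\\\x00%"):
        raise RouteError("malformed path")
    segments = path.split("/")[1:]            # drop the empty leading piece
    account, rest = segments[0], segments[1:]
    if account not in accounts:
        raise RouteError("unknown account")
    # Dot segments are the only way to climb out of the owner's directory.
    if any(seg in (".", "..") for seg in rest):
        raise RouteError("dot segments not allowed")
    host, directory = accounts[account]
    backend_path = "/" + "/".join([directory] + [quote(s, safe="") for s in rest])
    url = "http://" + host + backend_path
    if parts.query:
        url += "?" + parts.query
    # The backend only ever sees plain HTTP; tell it the client side was HTTPS.
    return url, {"X-Forwarded-Proto": "https"}


if __name__ == "__main__":
    print(route("/alice/cart/checkout.asp?id=7"))
    print(route("/bob/"))
```

Because the relayed leg is plain HTTP, the backend web servers should accept these requests only from the gateway's address.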