CMSMS is truly awesome; that's undeniable! Still, there is one issue that I'd love to resolve: full support for secure Admin functionality using shared SSL. Shared SSL is an affordable "hacker-limiting" security option for sites that don't otherwise need a private SSL certificate (e.g., informational, non-profit, non-commercial, hobby, etc). It would be great if we could get CMSMS to support this.
A forum search found that this topic has been discussed since at least August 2005 (see some relevant links below). The issue keeps coming up and partial solutions exist, yet it hasn't, to my knowledge, been fully resolved. I searched the CMSMS project's feature-request and bug lists, but didn't find an entry for it. Did I miss it? If so, please send me the bug/feature-request number. If not, I'll be happy to create a new request. I'd like to help get this working sooner rather than later.
First, let me clarify what I mean by "shared SSL". Forgive me if any of the following is stating the obvious, but I want to be sure we're using the same terms. As I understand it, shared SSL implementations can take a variety of forms, but typically look similar to one of these:
a) A standard (FQDN) SSL certificate for a hosting co. server with an added user directory path where secure files are stored. As far as I know, this path tends to map to the same filesystem directory tree as the user's document root (similar to a symlink), but I'm not sure this is always the case. Examples:
non-SSL URL: http://www.example.com/
SSL URL: https://secure123.hostingcompanyX.com/~fred/
b) A wild card SSL certificate for a hosting co. where each server is assigned a subdomain and a user directory path is applied that maps to the user's document root. Examples:
non-SSL URL: http://www.example.com/
SSL URL: https://secure1234.hostingcompanyY.com/~fred/
c) A wild card SSL certificate for a hosting co. where each username is assigned a subdomain that points to that user's document root. For example, the following two URLs would map to the same filesystem directory tree as the user's document root:
non-SSL URL: http://www.example.com/
SSL URL: https://fred.hostingcompanyZ.com/
Given these definitions of shared SSL, has anyone been able to get the full Admin functionality working with a shared SSL hosting account (e.g., login, cookies, edit content page preview, xajax, image display in Image Manager, etc.)? If so, please send or post instructions. If not, then I'll create an official feature request.
Thanks,
Fred P.
P. S. As an aside, I've been experimenting with this on my own. I've made some simple mod's to the 1.6.6 code base and have much of the CMSMS Admin console working on a shared SSL hostgator.com account, but a few serious problems persist. I will, however, save the details for another thread, in the name of brevity.
Also, for your convenience, here are links to some older threads related to this topic:
http://forum.cmsmadesimple.org/index.ph ... 475.0.html
http://forum.cmsmadesimple.org/index.ph ... 750.0.html
http://forum.cmsmadesimple.org/index.php?topic=13735.0
http://forum.cmsmadesimple.org/index.ph ... 250.0.html
http://forum.cmsmadesimple.org/index.ph ... l#msg48986
http://forum.cmsmadesimple.org/index.ph ... 839.0.html
