1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice

httpdocs httpsdocs & CA Cert

Discussion in 'Plesk for Windows - 8.x and Older' started by knocx, Mar 25, 2005.

  1. knocx

    knocx Guest

    0
     
    I wonder such things and i can not take myself thinking of these :)


    i am really dying to know the answers;


    1- Why on earth there are 2 saparate roots for a website like httpdocs and httpsdocs? Why cant we just switch the protocol to https within same directory?

    Most PLESK techs answer: "because of the security" what are the contributions of doing this in the means of Security? Can someone please explain it?

    SSL Protocol is an intermadiate protocol between appllication(http) and TCP Layers and it has no relation with where the data located.


    Now lets look at the webserver , i.e when the web server issues Client_Write_DATA to send the html data , it is passed to record layer of SSL , ecrypted by the mutually agreed Ecryption algorithms (i.e Rijndael AES, 3DES...etc ) simmetric key and then the data is sent to the receipent...goes on like this. dont want to get into details...

    in practice https is lower than http so there can not be a security reason of saparating httpdocs and httpsdocs.


    2- Why do PLESK want the CA root cert each time a certificate is installed by the client even if it is in the Cert root of the OS.

    i think they do not query the Cert root of the OS , this causes problems when a user installs a new cert that the issuers root cert already int the cert root of OS, plesk askes for CA cert!

    this is also problematic

    regards
    knocx
     
  2. lboss

    lboss Guest

    0
     
    It is not correct. Plesk 7.5.x uses httpdocs for domain hosting, and use httpsdocs for Shared SSL feature.

    Hm... Can you describe what you mind?
     
  3. knocx

    knocx Guest

    0
     
    Re: Re: httpdocs httpsdocs & CA Cert

    What do you mean by that?
     
  4. lboss

    lboss Guest

    0
     
    I mean it is different folders. httpsdocs does not uses for HTTPS hosting. HTTP and HTTPS protocol use httpdocs forlder to get context.
     
  5. knocx

    knocx Guest

    0
     
    Oh.. is it? ... How couldnt i ever think of that.
     
  6. dynaweb

    dynaweb Guest

    0
     
    I see, but since that is the case, why is Plesk creating the https dir?
     
  7. knocx

    knocx Guest

    0
     
    :) thats already what i am asking for

    "Why is Plesk creating the https dir?"

    i still could find no answers to that :)

    - using a separate httpsdocs provides no extra security.

    i can prove this in the means of TLS / x.509/ PKCS and also mathematically

    Infact another problem is that even if you intall the root CA cert into the system PLESK asks for it again &again.

    hence each client has its own root CA cert for verification of his certificate... thats another stupidity.
     
  8. dynaweb

    dynaweb Guest

    0
     
    httpsdocs dir is obsolete or not?

    I looked through the changelog and found nothing about this. Can somebody confirm that the httpsdocs dir is obsolete or not?
     
  9. dynaweb

    dynaweb Guest

    0
     
    I read elsewhere in the forum that the httpsdocs dir is only for shared ssl.
     
  10. knocx

    knocx Guest

    0
     
Loading...