From owner-freebsd-questions@FreeBSD.ORG Wed Dec 22 12:55:13 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9F9B6106564A for ; Wed, 22 Dec 2010 12:55:13 +0000 (UTC) (envelope-from gandalf@shopzeus.com) Received: from 10610.x.rootbsd.net (10610.x.rootbsd.net [204.109.60.69]) by mx1.freebsd.org (Postfix) with ESMTP id 5A2FF8FC08 for ; Wed, 22 Dec 2010 12:55:13 +0000 (UTC) Received: from [192.168.1.105] (localhost [127.0.0.1]) by 10610.x.rootbsd.net (8.14.3/8.14.3) with ESMTP id oBMCcs79093587 for ; Wed, 22 Dec 2010 12:38:54 GMT (envelope-from gandalf@shopzeus.com) Message-ID: <4D11F114.5050301@shopzeus.com> Date: Wed, 22 Dec 2010 13:37:40 +0100 From: Laszlo Nagy User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <353856.29096.qm@web121401.mail.ne1.yahoo.com> In-Reply-To: <353856.29096.qm@web121401.mail.ne1.yahoo.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: do i need a dedicated ip address for https? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Dec 2010 12:55:13 -0000 On 2010-12-22 07:53, S Mathias wrote: > http://help.godaddy.com/article/1054 > > "# Set up SSL protection on your website." > > is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to use ssl on my domain? Obviously, you cannot have a website without an IP address. Another strict rule is that you can only use one SSL certificate per IP address + PORT. This is determined by the SSL protocol, and you cannot do anything to change it. But there are possibilities. You can use different SSL certificates for the same ip address and different port numbers: https://your_domain_1:4430 https://your_domain_2:4431 etc. (where your_domain_1 and your_domain_2 have the same IP, and you have different certificates from them). You can also use many host names with the same IP address and port number, but they will have to share the same SSL certificate. It is not a problem, if they are subdomains, and you own a wildcard certificate. Example: https://sub1.yourdomain.com https://sub2.yourdomain.com https://sub3.yourdomain.com etc. (where you have a wildcard certificate for *.yourdomain.com) And finally, it is possible to use different domains and the same port, without wildcard certificate or subdomains, but then all connecting clients will complain about the problem (e.g. certificate belongs to a domain that differs from the one you are connecting to.) For any serious projects, this is not recommended. You cannot expect customers sending you private information on a website that cannot identify itself... Best, Laszlo