Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 22 Dec 2010 13:37:40 +0100
From:      Laszlo Nagy <gandalf@shopzeus.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: do i need a dedicated ip address for https?
Message-ID:  <4D11F114.5050301@shopzeus.com>
In-Reply-To: <353856.29096.qm@web121401.mail.ne1.yahoo.com>
References:  <353856.29096.qm@web121401.mail.ne1.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2010-12-22 07:53, S Mathias wrote:
> http://help.godaddy.com/article/1054
>
> "# Set up SSL protection on your website."
>
> is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to use ssl on my domain?
Obviously, you cannot have a website without an IP address.
Another strict rule is that you can only use one SSL certificate per IP 
address + PORT. This is determined by the SSL protocol, and you cannot 
do anything to change it.

But there are possibilities. You can use different SSL certificates for 
the same ip address and different port numbers:

https://your_domain_1:4430
https://your_domain_2:4431

etc. (where your_domain_1 and your_domain_2 have the same IP, and you 
have different certificates from them).

You can also use many host names with the same IP address and port 
number, but they will have to share the same SSL certificate. It is not 
a problem, if they are subdomains, and you own a wildcard certificate. 
Example:

https://sub1.yourdomain.com
https://sub2.yourdomain.com
https://sub3.yourdomain.com

etc. (where you have a wildcard certificate for *.yourdomain.com)

And finally, it is possible to use different domains and the same port, 
without wildcard certificate or subdomains, but then all connecting 
clients will complain about the problem (e.g. certificate belongs to a 
domain that differs from the one you are connecting to.) For any serious 
projects, this is not recommended. You cannot expect customers sending 
you private information on a website that cannot identify itself...

Best,

    Laszlo

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D11F114.5050301>