[CentOS] do i need a dedicated ip address for https?

Tony Mountifield tony at softins.co.uk
Wed Dec 22 10:05:26 UTC 2010


In article <133721.39495.qm at web121405.mail.ne1.yahoo.com>,
S Mathias <smathias1972 at yahoo.com> wrote:
> http://help.godaddy.com/article/1054
> 
> "# Set up SSL protection on your website."
> 
> is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to
> use ssl on my domain?

Not exactly. An SSL certificate is not tied to an IP address, but to a
hostname. If you only have a single SSL site on the server, it doesn't
matter what the IP address is, or even whether it is a dynamic address
registered with a dunamic DNS provider. It will still work.

The thing you CAN'T do is to have name-based virtual hosting with multiple
domains on a single IP address, with more than one of them using SSL.
Name-based virtual hosting relies on the HTTP Host: header to identify
which virtual host is being accessed. But under SSL, the headers are
not sent until the encrypted SSL channel has been set up. So the only
way the server can know which certificate to use is by the IP address
on which the request is recieved. So multiple SSL sites on a single
box MUST each have their own IP address.

Hope this helps!

> thank you
> 
> happy Christmas! :)

Happy Christmas to you too!

Tony

-- 
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org



More information about the CentOS mailing list