[CentOS] do i need a dedicated ip address for https?

Markus Falb markus.falb at fasel.at
Wed Dec 22 11:27:17 UTC 2010


On 22.12.2010 11:05, Tony Mountifield wrote:
> In article <133721.39495.qm-j4IRtXk+ZdTuQS8rMknbopOW+3bF1jUfVpNB7YpNyf8 at public.gmane.org>,
> S Mathias <smathias1972 at yahoo.com> wrote:
>> http://help.godaddy.com/article/1054
>>
>> "# Set up SSL protection on your website."
>>
>> is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to
>> use ssl on my domain?
> 
> Not exactly. An SSL certificate is not tied to an IP address, but to a
> hostname. If you only have a single SSL site on the server, it doesn't
> matter what the IP address is, or even whether it is a dynamic address
> registered with a dynamic DNS provider. It will still work.
> 
> The thing you CAN'T do is to have name-based virtual hosting with multiple
> domains on a single IP address, with more than one of them using SSL.
> Name-based virtual hosting relies on the HTTP Host: header to identify
> which virtual host is being accessed. But under SSL, the headers are
> not sent until the encrypted SSL channel has been set up. So the only
> way the server can know which certificate to use is by the IP address
> on which the request is received. So multiple SSL sites on a single
> box MUST each have their own IP address.

Very good explanation! I just want to add that there is such a thing
named "Server Name Indication". With that the Virtual Host Name is sent
at SSL Handshake time, so it is possible to use name based Virtual Hosts
(No need for additional IP addresses). It needs Server and Client
support, though. Apache in CentOS 5 does not support it as far as I know.

http://en.wikipedia.org/wiki/Server_Name_Indication

-- 
happy Christmas! Markus Falb
