[CentOS] do i need a dedicated ip address for https?

Ben McGinnes ben at adversary.org
Wed Dec 22 23:40:32 UTC 2010


On 22/12/10 11:52 PM, Nico Kadel-Garcia wrote:
> 
> It's the easiest way to do it. If you allow someone else to hold your
> SSL keys, they can do interesting things to act as your front end to

Where in the original post did it mention using a system that's not
under their control?  The question was about a static IP address, not
the system the keys and certificates would be installed on.

> register your hostname associated with a registered key, but that
> gets tricky. And there are other fancy tricks, but they get weird
> and painful.

Yes, it also depends on how much effort they're willing to go to and
whether or not they care if a visitor notices.

> But let's be honest. Most SSL encryption is not done to authenticate
> a website as a signed, registered website. Most of us at penny-wise
> workplaces have to hit "Yes, I accept this unsigned key" pop-ups all
> the time. SSL is often useful merely to encrypt the traffic
> end-to-end while clients accept such unsigned or incorrectly
> registered keys without concern. For that kind of use, dodging and
> weaving unregistered IP addresses are commonplace.

That's what my self-signed site is for, but then I live in a country
that is still debating mandatory Internet censorship.

Most people wanting SSL on their website see it as a business
requirement and most of those sites are running on shared or VPS
hosting.


Regards,
Ben


