Dedicated IP for own SSL certificate: Technically Why???
I have been reading all around that you need a dedicated IP for your own SSL certificate but don't need one for shared SSL. But I can't seem to find the technical reason as to why it is needed. As far as my understanding goes, in a shared environment there are many domains hosted on the same machine and maybe on the same IP also. Like this:
my-hosts-domain.com => IP 22.214.171.124 => SSL installed
abc.com => IP 126.96.36.199 => uses shared SSL of host
pqr.com => IP 188.8.131.52 => same machine but own SSL installed
I need to know: when a single machine can host so many IPs, and a single IP can have so many domains attached to it, why can't a single IP have multiple SSL certs issued for different hosts?
SSL happens at a lower layer than HTTP, actually, so you can only have one certificate per IP (per port), and this is why you can't install multiple certificates on a single IP, since it's actually connecting to the IP and port. You can have additional certificates on different ports on the same IP, but not the default SSL port (443) for secure web pages.
When the browser establishes an SSL connection with the IP, is that the time the server sends the information on the host to which the cert attached to this IP has been issued? And later the browser matches it with the host you typed in? I agree that two certs on the same IP would mean confusion and problems, but I need to know what actually prevents installing multiple certs on the same IP. Is it the server software like Apache or something else?
As mentioned above, it's a lower layer than HTTP (than what Apache is running), so this is what decides if it's possible or not. As for two on the same IP, they can be run on the same IP, but not on the same port at the same time. The port is already bound to (taken) by one.
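The ordering described in the replies, as an added example that is not part of the original thread: a small TLS 1.2 record-layer walker run over a constructed byte stream (placeholder bodies, both directions merged in wire order) shows the Certificate message crossing the wire before any application data, which is where the HTTP request and its Host header travel. The names `record`, `hs`, `timeline` and `SAMPLE` are made up for this example.

```python
import struct

# TLS 1.2 record content types and handshake message types (RFC 5246).
CCS, HANDSHAKE, APPLICATION_DATA = 20, 22, 23
HS_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
            14: "ServerHelloDone", 16: "ClientKeyExchange"}

# Builders for the sample: record = type(1)|version(2)|length(2)|body, message = type(1)|length(3)|body.
def record(ctype, body):
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body
def hs(msg_type, body=b""):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def timeline(stream):
    """Walk the record layer and return what crosses the wire, in order."""
    events, off, encrypted = [], 0, False
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        off += 5 + length
        if ctype == CCS:
            encrypted = True  # in this merged capture, later records are ciphertext
            events.append("ChangeCipherSpec")
        elif ctype == APPLICATION_DATA:
            events.append("ApplicationData")  # the HTTP request travels in here
        elif ctype == HANDSHAKE and encrypted:
            events.append("EncryptedHandshake")  # Finished, unreadable on the wire
        elif ctype == HANDSHAKE:
            pos = 0  # one record may carry several handshake messages
            while pos + 4 <= len(body):
                mlen = int.from_bytes(body[pos + 1:pos + 4], "big")
                events.append(HS_NAMES.get(body[pos], f"handshake({body[pos]})"))
                pos += 4 + mlen
        else:
            events.append(f"record({ctype})")
    return events

# Constructed sample, not a real capture: message bodies are placeholders.
SAMPLE = b"".join([
    record(HANDSHAKE, hs(1, bytes(8))),  # client
    record(HANDSHAKE, hs(2, bytes(8)) + hs(11, b"<cert bound to this IP:port>") + hs(14)),
    record(HANDSHAKE, hs(16, bytes(8))) + record(CCS, b"\x01") + record(HANDSHAKE, b"\xaa" * 16),
    record(CCS, b"\x01") + record(HANDSHAKE, b"\xbb" * 16),  # server
    record(APPLICATION_DATA, b"\xcc" * 32),  # client: encrypted GET with Host header
])
```

Calling `timeline(SAMPLE)` lists the server's Certificate as the third event and the first ApplicationData record as the last, so the certificate has already been sent by the time the web server can read a Host header.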