Results 1 to 5 of 5
  1. #1
    Join Date
    Jan 2005
    Posts
    110

    Dedicated IP for own SSL certificate: Technically Why???

    I have been reading all around that you need a dedicated IP for your own SSL certificate but don't need one for shared SSL. But can't seem to find the technical reason as to why it is needed. As far as my understanding goes, in a shared envoirment there are many domains hosted on same machine and may be on same IP also. Like this:


    my-hosts-domain.com => IP 66.66.66.66 => SSL installed
    abc.com => IP 66.66.66.66 => uses shared SSL of host
    pqr.com => IP 33.33.33.33 => same machine but own SSL installed


    I need to know when a single machine can host so many IPs, a single IP can have so many domains attached to it, can a single IP cannot have multiple SSL certs issued for different hosts.

    Regards
    Akash

  2. #2
    Join Date
    Jun 2000
    Location
    Washington, USA
    Posts
    5,991
    The Secure Socket Layer (SSL) is setup before the HTTP headers are passed. So, in a shared IP situation, you establish the SSL connection, then your browser passes the Host: header.

  3. #3
    Join Date
    Apr 2000
    Location
    California
    Posts
    3,051
    SSL happens at a lower layer than HTTP, actually, so you can only have one certificate per IP (per port), and this is why you can't install multiple certificates on a single IP, since it's actually connecting to the IP and port. You can have additional certificates on different ports on the same IP, but not the default SSL port (443) for secure web pages.

  4. #4
    Join Date
    Jan 2005
    Posts
    110
    When the browser establishes a SSL connection with the IP, is it that time the server sends the information on host to which the cert attached to this IP has been issued. And later browser matches it with the host you typed in? I agree that two certs on same IP would mean a confusion and problem but I need to know what actually prevents multiple certs installation on same IP. Is it the server software like Apache or something else?

  5. #5
    Join Date
    Apr 2000
    Location
    California
    Posts
    3,051
    As mentioned above, it's a lower layer than HTTP (than what Apache is running), so this is what decides if it's possible or not. As for two on the same IP, they can be run on the same IP, but not on the same port at the same time. The port is already bound to (taken) by one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •