-
06-16-2005, 09:59 PM #1 WHT Addict
- Join Date
- Jan 2005
- Posts
- 110
Dedicated IP for own SSL certificate: Technically Why???
I have been reading all around that you need a dedicated IP for your own SSL certificate but don't need one for shared SSL. But I can't seem to find the technical reason as to why it is needed. As far as my understanding goes, in a shared environment there are many domains hosted on the same machine and maybe on the same IP also. Like this:
my-hosts-domain.com => IP 66.66.66.66 => SSL installed
abc.com => IP 66.66.66.66 => uses shared SSL of host
pqr.com => IP 33.33.33.33 => same machine but own SSL installed
I need to know: when a single machine can host so many IPs and a single IP can have so many domains attached to it, why can't a single IP have multiple SSL certs issued for different hosts?
Regards
Akash
-
06-16-2005, 10:01 PM #2 Web Hosting Master
- Join Date
- Jun 2000
- Location
- Washington, USA
- Posts
- 5,990
The Secure Socket Layer (SSL) is set up before the HTTP headers are passed. So, in a shared IP situation, you establish the SSL connection, then your browser passes the Host: header.
-
06-16-2005, 10:04 PM #3 Web Hosting Master
- Join Date
- Apr 2000
- Location
- California
- Posts
- 3,051
SSL happens at a lower layer than HTTP, actually, so you can only have one certificate per IP (per port), and this is why you can't install multiple certificates on a single IP, since it's actually connecting to the IP and port. You can have additional certificates on different ports on the same IP, but not the default SSL port (443) for secure web pages.
-
06-16-2005, 10:16 PM #4 WHT Addict
- Join Date
- Jan 2005
- Posts
- 110
When the browser establishes an SSL connection with the IP, is it at that time that the server sends the information on the host to which the cert attached to this IP has been issued, and the browser later matches it with the host you typed in? I agree that two certs on the same IP would mean confusion and problems, but I need to know what actually prevents multiple certs being installed on the same IP. Is it the server software like Apache or something else?
-
06-16-2005, 10:24 PM #5 Web Hosting Master
- Join Date
- Apr 2000
- Location
- California
- Posts
- 3,051
As mentioned above, it's a lower layer than HTTP (than what Apache is running), so this is what decides if it's possible or not. As for two on the same IP, they can be run on the same IP, but not on the same port at the same time. The port is already bound to (taken) by one.
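The ordering described in the replies above can be observed directly. The following is an added example, not part of the original thread: a bare TCP listener on localhost records the first TLS record a client sends and then hangs up, showing that the handshake arrives before any HTTP `Host:` header exists. It goes one step beyond the thread by also sending the TLS Server Name Indication (SNI) extension, which the posts do not discuss and which does put a hostname into the handshake. The function names are hypothetical, and `abc.com` is taken from the first post's example.

```python
import socket, ssl, threading

HOST = b"abc.com"  # hostname taken from the thread's example

def first_record(server_hostname):
    """Return the first TLS record a client sends to a bare TCP listener."""
    listener = socket.create_server(("127.0.0.1", 0))  # constructed local listener
    listener.settimeout(5)
    port = listener.getsockname()[1]
    seen = {"data": b""}

    def serve():
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(5)
            data = b""
            # Record header is 5 bytes: type, version (2), length (2).
            while len(data) < 5 or len(data) < 5 + int.from_bytes(data[3:5], "big"):
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            seen["data"] = data  # listener hangs up here without answering

    worker = threading.Thread(target=serve)
    worker.start()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            # The HTTP request below is never reached: the handshake must finish first.
            with ctx.wrap_socket(raw, server_hostname=server_hostname) as tls:
                tls.sendall(b"GET / HTTP/1.1\r\nHost: " + HOST + b"\r\n\r\n")
    except OSError:  # ssl.SSLError is a subclass; the aborted handshake lands here
        pass
    worker.join()
    listener.close()
    return seen["data"]

def summarize(record):
    """(is ClientHello, hostname visible to server, HTTP Host header visible)."""
    is_hello = len(record) > 5 and record[0] == 0x16 and record[5] == 0x01
    return is_hello, HOST in record, b"Host:" in record

if __name__ == "__main__":
    print("no server name :", summarize(first_record(None)))
    print("with SNI       :", summarize(first_record("abc.com")))
```

Without a server name in the handshake, the only things the server knows when it must present a certificate are the IP address and port the client connected to.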