http://help.godaddy.com/article/1054 "# Set up SSL protection on your website." is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to use ssl on my domain? thank you happy Christmas! :)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 12/22/2010 12:53 AM, S Mathias wrote:> http://help.godaddy.com/article/1054 > > "# Set up SSL protection on your website." > > is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to use ssl on my domain? > > thank you > > happy Christmas! :) > >Yes it is -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJNEaR9AAoJEPXCUD/44PWqFhAP/33q9sCa7q4a594qSJBPkv8A Twf+AkHc0H6siFikhAgi9RhpXDQXaAHusepf3s1UgD9lUGjOU1xtjiGFlbsTGE8T KDDb7fHSqzrEaE0HND8QBBXsccMbiYSozTXE5VT8QRz9G8wlCMA1+HLCEwUvGF9u 5x9WbzusMjlsTaHHOadOU55xcbBuNlNMq6V5jmbvdouriVfDg95xiwFEb3k+HVo8 fZAgodU8vuvVax9ycHgfbGLYC8ueJw/RW5H94OVh5465EY9ObVBHFSd01B7qlZrO TQxI/gtKcZTj8TYPn9mBRmzyIenhy6joU+ZBawff4P+1RLtAjxJHbYbpRa/r4Wmh HqoJNKi0TpJ4l+t04an5I1RWHOlA6JT+GGDOnOGNbgfmFwG3/h2Bh3QeILPOZBzV qznFA9JLaHl6ZitWffqav2XxzQaxzElWdJftt71YAGLe+6h+WA/HCtFots/O6GY2 9F9k7Lv+cy/a44qnQOu7fKJsihHT/uzKrSMn+c3209JJVFrBvFg0ow6lpfK2rbLj O79jsbZ4IbtlQQKhiSqXz1gj26xd2X9Qfw5ePOj+DuOjgqgIy8q9IBiuvnL8zXik MvedQTXtwHIy3UBI/tCfKQ6itJGUMhIoEWqrO7yP6KYf1NSqWvDxGLLar26Lfp93 W6B3tUG4tdNN3ahY09Pu =56E3 -----END PGP SIGNATURE-----
2010/12/22 S Mathias <smathias1972 at yahoo.com>:> http://help.godaddy.com/article/1054 > > "# Set up SSL protection on your website." > > is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to use ssl on my domain?delicated port (443) is needed per ssl host. you can also use wildcard certificates to host multiple ssl domains on same port. -- Eero
Tony Mountifield
2010-Dec-22 10:05 UTC
[CentOS] do i need a dedicated ip address for https?
In article <133721.39495.qm at web121405.mail.ne1.yahoo.com>, S Mathias <smathias1972 at yahoo.com> wrote:> http://help.godaddy.com/article/1054 > > "# Set up SSL protection on your website." > > is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to > use ssl on my domain?Not exactly. An SSL certificate is not tied to an IP address, but to a hostname. If you only have a single SSL site on the server, it doesn't matter what the IP address is, or even whether it is a dynamic address registered with a dunamic DNS provider. It will still work. The thing you CAN'T do is to have name-based virtual hosting with multiple domains on a single IP address, with more than one of them using SSL. Name-based virtual hosting relies on the HTTP Host: header to identify which virtual host is being accessed. But under SSL, the headers are not sent until the encrypted SSL channel has been set up. So the only way the server can know which certificate to use is by the IP address on which the request is recieved. So multiple SSL sites on a single box MUST each have their own IP address. Hope this helps!> thank you > > happy Christmas! :)Happy Christmas to you too! Tony -- Tony Mountifield Work: tony at softins.co.uk - http://www.softins.co.uk Play: tony at mountifield.org - http://tony.mountifield.org
Adam Tauno Williams
2010-Dec-22 12:45 UTC
[CentOS] do i need a dedicated ip address for https?
On Tue, 2010-12-21 at 22:53 -0800, S Mathias wrote:> http://help.godaddy.com/article/1054 > "# Set up SSL protection on your website." > is it an inescapable requirement to have a dedicated [not fix] ip > address, when i want to use ssl on my domain?Yes. Reverse DNS has to be working.
Nico Kadel-Garcia
2010-Dec-22 12:52 UTC
[CentOS] do i need a dedicated ip address for https?
On Wed, Dec 22, 2010 at 1:53 AM, S Mathias <smathias1972 at yahoo.com> wrote:> http://help.godaddy.com/article/1054 > > "# Set up SSL protection on your website." > > is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to use ssl on my domain? > > thank you > > happy Christmas! :)It's the easiest way to do it. If you allow someone else to hold your SSL keys, they can do interesting things to act as your front end to register your hostname associated with a registered key, but that gets tricky. And there are other fancy tricks, but they get weird and painful. But let's be honest. Most SSL encryption is not done to authenticate a website as a signed, registered websites. Most of us at penny-wise workplaces have to hit "Yes, I accept this unsigned key" pop-ups all the time. SSL is often useful merely to encrypt the traffic end-to-end while clients accept such unsigned or incorrectly registered keys without concern. For that kind of use, dodging and weaving unregistered IP addresses are common place.