Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ip based ssl certificate [closed]

I have two domain names pointing to the same ip, I am currently not using virtual host in my apache configuration. I simply use /var/www/html/ as root of the app. do I need to buy 2 godaddy certificates, one for each domain? It seems that godaddy certificate is tied to a domain, not ip, can someone clarify?

like image 328
user121196 Avatar asked May 18 '10 05:05

user121196


People also ask

Are SSL Certificates tied to IP address?

An SSL Certificate is usually issued to a domain name and not an IP address. So long as your web server is hosting the domain name for which your SSL Certificate has been issued, the IP address doesn't matter.

How do I reactivate my SSL certificate?

What reactivation looks like? Go to “My SSL” and click “Renew” filter next to search. Certificates that require reactivation will have “Reactivate” button next to it. Click it to enter activation flow.

What is IP based SSL?

IP-based SSL certificates use the dedicated public IP address of the server on which the website is hosted to map the certificate to the site. In addition to the problem of only a limited number of IPv4 addresses being available, this approach can be expensive — especially when you have multiple websites.

Does https work with IP address?

The short answer is yes, but we don't recommend it. If your IP address changes your SSL certificate can become useless.


3 Answers

That is correct, SSL certificates are tied to a domain, not an IP address. The problem is that people type domain names into their browser address bar, not IP addresses (usually) and it's what you type into the address bar that is validated against the certificate (that is, the certificate validates that what you type into the address bar is what you're actually getting).

like image 91
Dean Harding Avatar answered Oct 01 '22 12:10

Dean Harding


The SSL certificate has to match whatever host is typed in the browser's URL bar. If you type in a domain name, then the SSL cert has to match the domain name. If people use two different domain names, then you need two different SSL certificates (or one certificate that's valid for multiple domains). If you expect users to type in an IP address in the browser, then the cert would have to match the IP address.

However, in order to buy a certificate for an IP address from a reputable vendor (if the vendor will sign it at all), you need to be the owner of the netblock according publicly held records (e.g. ARIN, RIPE, etc.). See for example the GobalSign FAQ.

like image 45
tylerl Avatar answered Oct 01 '22 14:10

tylerl


It depends on the SSL certificates. Some of them allow to specify more than one domain. Often this is limited to two names (www.example.org and example.org).

If it is exactly the same app on both domains, you should just configure a redirection from seconddomain.com to firstdomain.com - so there is only one domain name to worry about.

like image 28
Alex Avatar answered Oct 01 '22 12:10

Alex