tags:

views:

168

answers:

3
+1  Q: 

ip based ssl certificate

I have two domain names pointing to the same ip, I am currently not using virtual host in my apache configuration. I simply use /var/www/html/ as root of the app. do I need to buy 2 godaddy certificates, one for each domain? It seems that godaddy certificate is tied to a domain, not ip, can someone clarify?

+3  A: 

That is correct, SSL certificates are tied to a domain, not an IP address. The problem is that people type domain names into their browser address bar, not IP addresses (usually) and it's what you type into the address bar that is validated against the certificate (that is, the certificate validates that what you type into the address bar is what you're actually getting).

Dean Harding  2010-05-18 05:55:20
+1  A: 

It depends on the SSL certificates. Some of them allow to specify more than one domain. Often this is limited to two names (www.example.org and example.org).

If it is exactly the same app on both domains, you should just configure a redirection from seconddomain.com to firstdomain.com - so there is only one domain name to worry about.

Alex  2010-05-18 05:58:53
I don't think a redirect will work because the SSL connection (and hence certificate) is verified *first* - even before a 301 redirect would be processed. But good point about multiple domains per certificate.
Dean Harding  2010-05-18 06:05:58
+1  A: 

The SSL certificate has to match whatever host is typed in the browser's URL bar. If you type in a domain name, then the SSL cert has to match the domain name. If people use two different domain names, then you need two different SSL certificates (or one certificate that's valid for multiple domains). If you expect users to type in an IP address in the browser, then the cert would have to match the IP address.

However, you're not going to be able to buy a certificate for an IP address. Not from a reputable vendor at least. This is because you can't "own" an IP address the same as you do for a domain name. The IP is just used for routing, and could theoretically be reassigned to someone else at some point. So no one will grant you a certificate for an IP.

tylerl  2010-05-18 06:02:17
Good explanation. However, I read somewhere that some reputable CAs are offering certs for IP addresses. Presumably you must somehow prove that you own the IP address for the life of the certificate. I can't remember where I read this. Anyway, users never type IP addresses into their browsers address bar, so this wouldn't help the OP.
GregS  2010-05-18 23:59:40

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL