Why do I need an owned IP for my own SSL certificate?

The reason you must have your own IP address when you want to use your own SSL certificate (when you don't want the server wide shared certificate) is because of the way SSL and apache (httpd) works.

For name based webhosting (when many domains are on one IP) the web browser will pass the name of the domain being requested inside the httpd headers along with the request.  This way, apache knows which domain you are trying to access even though there are many domains on that one IP address.

When you do the same thing through an SSL connection, the connection has to be made *before* the request can be sent.  In this connection, the certificate is passed.  The only information that apache knows before the request is made is which IP the connection is being made to.  It has to be able to know which certificate to send before the request is made, thus you can't use mutiple certificates on the same IP (if you do, apache will use the first certificate listed which DA will always set to the server shared certificate for shared IPs).

If you want to use your own certificate, it must be the first certificate listed.  This wouldn't work for a shared IP, because there would multiple domain wanting this status, and the first certificate would the one shown.  For this resaon the shared certificate is always used on a shared IP.  For your certificate, DA will aknowledge the IP as being 'owned' and will remove the server shared certificate as the first cert to be loaded, thus your certificate will be loaded instead.


Was this article helpful?

mood_bad Dislike 1
mood Like 0
visibility Views: 27591