SSL Cert


planet_fox
6th January 2007, 13:47
Is it possible with ISPConfig to provide several SSL certificates on, for example, 192.168.1.1, one for each particular domain?

Or is it absolutely necessary for each SSL certificate to have its own IP?

vogelor
6th January 2007, 14:34
It is a problem with SSL that SSL needs a unique IP for EVERY certificate. This means ONE IP <-> ONE SSL domain. This is the standard (100% sure).

I know that there exist some (expensive) certificates you can use on one shared IP. This means ONE IP <> MORE SSL domains. But this is ONE certificate which contains many "SSL domains" (not 100% sure, but I think this is the case).

planet_fox
6th January 2007, 21:14
How do I know several SSL order on a IP to bind?

vogelor
6th January 2007, 21:16
How do I know several SSL order on a IP to bind?
Sorry, I don't understand what you mean.
Please say it again in other words. Thanks

falko
7th January 2007, 19:47
You can have only one SSL web site per IP address, it's a limitation of the https protocol.
If you need more than one SSL web site, you need additional IP addresses.

vogelor
7th January 2007, 20:48
You can have only one SSL web site per IP address, it's a limitation of the https protocol.
If you need more than one SSL web site, you need additional IP addresses.

Sorry if I correct you, but I have read that you can have 1 certificate with several domain names on 1 IP! This is possible, but expensive
(have a look at this; it is called a multi-domain certificate)
http://www.psw.net/ssl.cfm?gclid=CMSF_Lr7zokCFRy_XgodFQ0uOA#4 (sorry, only german)

martinfst
7th January 2007, 21:12
Sorry if I correct you, but I have read that you can have 1 certificate with several domain names on 1 IP! This is possible, but expensive

Yes, possible, but not supported by all browsers and not supported by all Certificate Authorities, so you're not able to buy such a certificate from any provider. And in general I have to say this is a bad idea. It bypasses the objective of SSL security to authenticate a website properly. Another restriction IIRC is that it's only for hostnames, so *.domain.tld is supported, not *.*.tld.

vogelor
8th January 2007, 10:02
Yes, possible, but not supported by all browsers and not supported by all Certificate Authorities, so you're not able to buy such a certificate from any provider. And in general I have to say this is a bad idea. It bypasses the objective of SSL security to authenticate a website properly. Another restriction IIRC is that it's only for hostnames, so *.domain.tld is supported, not *.*.tld.

That's my opinion too. I would NEVER use it. But it is (under some circumstances) possible :D
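
The name check a client applies to one certificate that lists several names, including the wildcard restriction mentioned in the thread (`*.domain.tld` accepted, `*.*.tld` not), as an added example that is not part of any post. The certificate names and function names are constructed for illustration.

```python
# Added example: hostname matching against the name list of one certificate.
# CERT_NAMES holds constructed sample values, not names taken from the thread.

CERT_NAMES = ["shop.example.com", "www.example.org", "*.example.net"]


def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """Return True if one certificate name covers the hostname.

    A wildcard is honoured only as the complete left-most label and stands
    for exactly one label, so '*.example.net' covers 'mail.example.net' but
    not 'example.net' or 'a.b.example.net'. Patterns such as '*.*.tld',
    'w*.example.net' or '*.net' are rejected outright.
    """
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h or any("*" in label for label in h):
        return False                       # empty label or '*' in hostname
    if not any("*" in label for label in p):
        return p == h                      # plain name: exact match only
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False                       # partial or non-leftmost wildcard
    if len(p) < 3:
        return False                       # refuse '*.tld'
    return len(h) == len(p) and h[1:] == p[1:]


def cert_covers(cert_names, hostname):
    """A multi-domain certificate is valid for a host if any name matches."""
    return any(name_matches(n, hostname) for n in cert_names)


if __name__ == "__main__":
    for host in ["shop.example.com", "www.example.org", "mail.example.net",
                 "example.net", "a.b.example.net", "other.example.com"]:
        print(f"{host:20} {cert_covers(CERT_NAMES, host)}")
```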