do i need a dedicated ip address for https?

Laszlo Nagy gandalf at
Wed Dec 22 12:55:13 UTC 2010

On 2010-12-22 07:53, S Mathias wrote:
> "# Set up SSL protection on your website."
> is it an inescapable requirement to have a dedicated [not fix] ip address, when i want to use ssl on my domain?
Obviously, you cannot have a website without an IP address.
Another strict rule is that you can only use one SSL certificate per IP 
address + PORT. This is determined by the SSL protocol, and you cannot 
do anything to change it.

But there are possibilities. You can use different SSL certificates for 
the same ip address and different port numbers:


etc. (where your_domain_1 and your_domain_2 have the same IP, and you 
have different certificates from them).

You can also use many host names with the same IP address and port 
number, but they will have to share the same SSL certificate. It is not 
a problem, if they are subdomains, and you own a wildcard certificate. 

etc. (where you have a wildcard certificate for *

And finally, it is possible to use different domains and the same port, 
without wildcard certificate or subdomains, but then all connecting 
clients will complain about the problem (e.g. certificate belongs to a 
domain that differs from the one you are connecting to.) For any serious 
projects, this is not recommended. You cannot expect customers sending 
you private information on a website that cannot identify itself...



More information about the freebsd-questions mailing list