ip based ssl certificate [closed]
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Close开发者_高级运维d 10 years ago.
Improve this questionI have two domain names pointing to the same ip, I am currently not using virtual host in my apache configuration. I simply use /var/www/html/ as root of the app. do I need to buy 2 godaddy certificates, one for each domain? It seems that godaddy certificate is tied to a domain, not ip, can someone clarify?
That is correct, SSL certificates are tied to a domain, not an IP address. The problem is that people type domain names into their browser address bar, not IP addresses (usually) and it's what you type into the address bar that is validated against the certificate (that is, the certificate validates that what you type into the address bar is what you're actually getting).
The SSL certificate has to match whatever host is typed in the browser's URL bar. If you type in a domain name, then the SSL cert has to match the domain name. If people use two different domain names, then you need two different SSL certificates (or one certificate that's valid for multiple domains). If you expect users to type in an IP address in the browser, then the cert would have to match the IP address.
However, in order to buy a certificate for an IP address from a reputable vendor (if the vendor will sign it at all), you need to be the owner of the netblock according publicly held records (e.g. ARIN, RIPE, etc.). See for example the GobalSign FAQ.
It depends on the SSL certificates. Some of them allow to specify more than one domain. Often this is limited to two names (www.example.org and example.org).
If it is exactly the same app on both domains, you should just configure a redirection from seconddomain.com to firstdomain.com - so there is only one domain name to worry about.
精彩评论