6

I currently have a dedicated server with a domain name eg. domain.com which has its own dedicated IP address. I need to secure only one sub domain eg. secure.domain.com

Does this subdomain need its own dedicated IP address to get an SSL certificate? Also, am I correct in thinking that I only need a standard certificate not a wildcard?

John Wheal
  • 456
  • 5
  • 17

2 Answers2

10

If you only have one SSL subdomain, then you only need one IP address and you don't need a wildcard. You can run SSL for secure.domain.com on the same IP address as non-SSL for domain.com.

If you have more than one SSL domain, there are four ways to handle it:

  1. Multiple IP addresses
  2. Wildcard SSL certificate
  3. Server Name Indication
  4. Subject Alternative Name

They all have their own advantages and drawbacks, and you'd have to research them all to work out what's best for your application.

Mike Scott
  • 7,993
  • 31
  • 26
1

The certificate is associated with the name, not the IP address, so no, you don't need a dedicated IP address for your secure site.

If you only plan to have one secure site, a non-wildcard certificate should be sufficient.

Dominic Cronin
  • 670
  • 4
  • 21
  • This is not fully correct Dominic. According to this: http://www.martfox.com/customer/knowledgebase/140/Why-a-SSL-Requires-Dedicated-IP.html - in Apache an SSL cert is usually tied to an IP address because the SSL handshake happens before the browser has even specified which domain it is requesting. There may be some technical methods to get around this, however. – Simon East Sep 28 '12 at 01:08
  • If you only have one secure site, that won't be necessary. – Dominic Cronin Oct 02 '12 at 14:08