Shared ssl


#1

Does anyone know if dreamhost offer access to a shared ssl certificate or do we need to purchase it? Basically some of my clients might want the option of a shared ssl so I just wanted to check it out. Thanks


#2

Nope. And…I wish. The minimum requirement for SSL here is a dedicated IP address, which is something like $3 per month. It’s in their Suggestions queue, though:
https://panel.dreamhost.com/index.cgi?tree=home.sugg&category=Goodies - Secure Server&search=ssl

-Scott


#3

Many thanks for your reply Scott. If I get a unique IP will I be able to have different SSL certificates per client site that I’m hosting?

Or in this case would I need to purchase an SSL certificate and use that as a shared certificate for all of my clients?


#4

I don’t know the workings of SSL here. You’d have to ask Support about that. I think that the unique IP address is to ensure that it doesn’t change and matches the certificate(s). A shared (or self-signed) certificate will always throw up a red flag because it doesn’t match the name of the site.

It’d be nice to hear back to find out if one can host multiple SSL domains on one unique IP address.

-Scott


#5

Due to the way SSL works, you “can’t” do this.

The caveat is that you can do this, but the server will only present a single certificate (generally the first one in the configuration file). As a result, the browser will warn the user about a mismatch between the domain name of the requested server and the domain name of the presented certificate.

An exception to the caveat is that you can use SSL on a different port (not 443) and have the server present a different cert for that different port - but this is kind of weird and means that your https links have to have an embedded non-standard port in the url.

What are [color=#CC0000]50DISK50[/color], [color=#CC0000]3DOM50[/color], and [color=#CC0000]1IP1DOM50[/color]?
More Dreamhost coupons


#6

Thanks for your reply lensman, any ideas of an ssl I can purchase and assign to dreamhost that does allow for shared access? Or is this just a dreamhost thing where that is not possible at all?


#7

Typically, a “shared certificate” will be a wildcard certificate installed for a domain. For instance, some if there were a shared certificate available for *.dreamhosters.com, we could all use ssl (https) for our dreamhosters subdomains. If we set those domains as mirrored domains, we could mirror all or some of the content at our primary domains.

What you could do is buy a wildcard certificate for *.yoursecuredomain.tld. You could then use one subdomain per client site - for example, client1.yoursecuredomain.tld might be used for client1.tld.

You could alternately and more cheaply just use a single domain with mapped subdirectories. An example of this would be yoursecuredomain.tld/client1.

In all of these cases, you will have to direct your clients “outside” of their assigned domains to some shared domain unless you’re going to have you clients use the subdomains in the first place.

BTW, the other problem is that wildcard certificates are much more expensive. The last time I looked to buy one they were $1000 a year and up but I just searched and found one from a super-discount vendor for around $200 a year. This same vendor has regular cheapo certs for $20 a year.

What are [color=#CC0000]50DISK50[/color], [color=#CC0000]3DOM50[/color], and [color=#CC0000]1IP1DOM50[/color]?
More Dreamhost coupons


#8

Once again thanks so much for your insight it is valuable, cheers!


#9

Anytime!

I’m surprised and gratified when people find my ramblings helpful. :slight_smile:

What are [color=#CC0000]50DISK50[/color], [color=#CC0000]3DOM50[/color], and [color=#CC0000]1IP1DOM50[/color]?
More Dreamhost coupons