SSL – Amazon EC2 Elastic IP: do I need one for each website I host?

Tags: amazon-ec2, amazon-elastic-ip, ssl

I have a couple of sites that I want to move to Amazon EC2. All the sites use SSL, so each one needs a dedicated IP address.
My question is: even if I host all the sites on the same instance, do I need to get one Elastic IP for each site?

Best Answer

While there are some solutions that allow multiple SSL identity certificates on a single IP address, in general, if you require good browser compatibility, you will require an IP per certificate. There are some details on why this is the case in this question.

The problem for standard name-based virtual hosts is basically that the first thing the HTTPS server does during the TLS/SSL handshake is send the SSL certificate with a "common name" identifying itself as www.mysecuresite.com. However, name-based virtual hosts rely on a "Host:" header to decide which site to serve, and that header is sent later, during the HTTP phase.

Hence (with traditional setups: SSL v1, old browsers, Windows XP, etc.) there can only be 1 SSL identity per IP address, because from the very first step the server name is already fixed as www.amazon.com, and it cannot be changed afterwards.

Notes: generally these are for fairly niche situations, such as intranet or *.mydomain.com wildcard certs.

Server Name Indication is a solution for hosting multiple SSL certs on a single IP, but it has poor support:

  • Not supported on XP, old Safari, or old Android; works with only 1 IP: http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

  • Wildcard certs are not suitable in this particular situation because the server names are domain-level, e.g. badger.com and monkey.com, rather than badger.server.com and monkey.server.com.
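To make the answer's point concrete, here is an added example (not code from the answer, the asker, or the linked Apache wiki page) sketching the SNI mechanism: the client puts the hostname into the ClientHello's server_name extension (RFC 6066), so the server can pick the right certificate before any HTTP "Host:" header exists; a legacy client that sends no SNI gets the IP's default certificate. The hostnames badger.com and monkey.com come from the answer; the certificate labels and the default are constructed.

```python
import struct

# Constructed table: SNI hostname -> certificate the server would present.
# A real server would hold key/cert pairs; labels are used here to keep it offline.
CERTS = {
    b"badger.com": "cert-for-badger.com",
    b"monkey.com": "cert-for-monkey.com",
}
# The one certificate a non-SNI client (e.g. Windows XP) always receives for this IP.
DEFAULT_CERT = "cert-for-badger.com"


def build_sni_extension(hostname: bytes) -> bytes:
    """Encode a TLS server_name extension (type 0) as the client sends it
    inside the ClientHello, i.e. before the HTTP phase begins."""
    name_entry = b"\x00" + struct.pack("!H", len(hostname)) + hostname  # name_type 0 = host_name
    server_name_list = struct.pack("!H", len(name_entry)) + name_entry
    return struct.pack("!HH", 0, len(server_name_list)) + server_name_list


def parse_sni(extensions: bytes):
    """Walk a ClientHello extensions block and return the SNI hostname,
    or None when the client sent no server_name extension."""
    off = 0
    while off + 4 <= len(extensions):
        ext_type, ext_len = struct.unpack("!HH", extensions[off:off + 4])
        body = extensions[off + 4:off + 4 + ext_len]
        off += 4 + ext_len
        if ext_type != 0:          # skip unrelated extensions
            continue
        list_len = struct.unpack("!H", body[:2])[0]
        pos = 2
        while pos + 3 <= 2 + list_len:
            name_type = body[pos]
            name_len = struct.unpack("!H", body[pos + 1:pos + 3])[0]
            name = body[pos + 3:pos + 3 + name_len]
            pos += 3 + name_len
            if name_type == 0:
                return name
    return None


def select_certificate(extensions: bytes) -> str:
    """The decision the server must make at handshake time: certificate by SNI
    if present, otherwise the IP's default certificate (the legacy case)."""
    host = parse_sni(extensions)
    return CERTS.get(host, DEFAULT_CERT)
```

A client without SNI therefore receives DEFAULT_CERT even when it intended to reach monkey.com, which is exactly why the answer says one IP per certificate is needed for such browsers.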