When setting up an online store (or any site that accepts payments) it’s important that the end user be completely confident in the security of your website. The best way to do this is to buy and install an SSL Certificate to encrypt the transactions between your web server and your clients browser.

If you plan on using a SSL Certificate on your website, your hosting provider will require you to pay for a dedicated IP address. Without it your certificate will simply not work.

This is due to the way that HTTP Request Headers and SSL work.

HTTP Request Headers

When your website is hosted on a dedicated IP address you should be able to access your site directly via the IP.

For example, you can access Google either by the hostname:
http://www.google.com
or by the IP address:
http://74.125.237.84/

But if your website is hosted on a shared IP address, you can’t access it via the IP. This is because your web server software (Apache, IIS, etc) has no way of knowing which website you’re requesting.

Below is an example HTTP Request Header:

 GET /index.html
Host: www.google.com
Connection: keep-alive
Referer: http://https://www.atomix.com.au
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1

Your web browser connects to the IP of the web server (in this case 74.125.237.84), passes the hostname (www.google.com), and issues the “GET” command to ask the server for a particular page (index.html). The “Host” informs the server which website you’re trying to access, this is how shared hosting works.

SSL Certificates

The reason why a dedicated IP is needed for an SSL Certificate is that the secure connection is made before the HTTP Request Header is sent. On a shared IP, the server will have no way of knowing which certificate to load as the “Host” header hasn’t been passed through yet. With a dedicated IP, SSL won’t need to know the hostname; there’s only one site hosted on that IP address and therefore only one certificate.

Finally, here is a simple breakdown of the entire SSL HTTP request process:

  1. User enters the domain name in their browser (eg https://www.google.com)
  2. A DNS lookup is performed to determine the server IP (74.125.237.84)
  3. The browser connects to the IP and performs an SSL “handshake”
  4. The server sends the certificate, the browser validates this.
  5. If successful, a secure connection is initiated.
  6. The browser can now issue an HTTP Request to the server using the secure connection
  7. The HTTP response is encrypted to ensure the security of the transaction