2

I'm setting up a web server that has an internal IP address and an external IP address.

e.g. Browsers on the network request mysite.example.com and get 192.168.200
Browsers outside the network request mysite.example.com and get 74.125.127.103

I want to buy and install a certificate for SSL. How can I set this up so that both internal and external traffic is secured with a certificate? Do I need more than one certificate? Is it possible for the certificate to be valid for both IP addresses?

Lance Fisher
  • I'm sorry, but why would you want the SSL on your internal network? – Prix Aug 06 '10 at 16:59
  • 5
    @Prix I'm sorry but why _wouldn't_ you want SSL on an internal network? – Zypher Aug 06 '10 at 19:00
  • Because it is an internal network? Are you expecting your employees to be running things like wireshark or w/e and steal your data? – Prix Aug 06 '10 at 20:04
  • 2
    @Prix: Nope. I'd expect pen-testers and intruders to be running things like wireshark or w/e (whatever that is). The fact that employees can't usefully do so either is merely a side benefit. – Slartibartfast Aug 07 '10 at 17:36
  • which would make things useless if there is a hole on the external site but not on the internal ... so your focus should be testing as a proper user from the external view. – Prix Aug 07 '10 at 18:23
  • 4
    @Prix, I don't want passwords or sensitive data to be passed in clear text - ever. – Lance Fisher Aug 09 '10 at 22:05

1 Answer

9

The certificate is checked against the domain name, not the IP. So if you set your webserver to listen for SSL connections on both IPs for the same domain name, then you are fine.

Zypher
  • 2
    I would say that the implicit answer here is: Ensure that whatever domain name the certificate is for resolves to the appropriate IP address from internal and external hosts. You can do this by running internally a DNS server for your internal hosts that essentially overrides the DNS system available externally. – Slartibartfast Aug 07 '10 at 17:38
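
The name check described in the answer, as an added example that is not part of the original answer or comments: `name_matches` compares what the client asked for against the certificate's subjectAltName entries, and `check_endpoint` connects to one specific listener IP while validating the certificate for the hostname. The function names and `SAMPLE_CERT` are assumptions made for illustration; the hostname and external IP are the ones from the question.

```python
import ipaddress
import socket
import ssl

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output.
SAMPLE_CERT = {"subjectAltName": (("DNS", "mysite.example.com"),)}


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def name_matches(cert, reference):
    """True if `reference` (what the client asked for) is covered by the cert's SANs."""
    ref = reference.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if _is_ip(ref):
            # An IP literal only matches an explicit "IP Address" SAN entry.
            if kind == "IP Address" and ipaddress.ip_address(value) == ipaddress.ip_address(ref):
                return True
            continue
        if kind != "DNS":
            continue
        pattern = value.lower().rstrip(".")
        if pattern == ref:
            return True
        # A wildcard covers exactly one left-most label.
        if pattern.startswith("*.") and ref.partition(".")[2] == pattern[2:]:
            return True
    return False


def check_endpoint(ip, hostname, port=443, timeout=5):
    """Connect to one listener IP but validate the chain and name for `hostname`.
    Raises ssl.SSLCertVerificationError if validation fails."""
    ctx = ssl.create_default_context()
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # The name matches whichever IP served it; the bare IP does not.
    for ref in ("mysite.example.com", "74.125.127.103"):
        print(ref, name_matches(SAMPLE_CERT, ref))
```

Running `check_endpoint` once against the internal address and once against the external one, both with `mysite.example.com` as the hostname, confirms that each listener presents a certificate valid for that name.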