Do I Need Dedicated IP Address to Install SSL/TLS Certificate On Website?

Possibility to Comply With Google Policy of Having an SSL/TLS Certificate Installed Without Dedicated IP Address

If you’ve got a website, then you might be aware Google has made it mandatory to have an SSL/TLS certificate installed on your website to avoid warning message of “Not Secure” on web browsers. No matter whether it deals with sensitive information or not, nowadays, SSL is not an option, but it’s a compulsion.

On the other hand, SSL installation is another question. Though it may look quite technical for new users, the overall process is relatively easy. However, one question still lingers around, though it’s not often asked always sometimes it does popups – Do you need a dedicated IP address if you’ve to install an SSL/TLS certificate.

The short answer to this question is NO.

A dedicated IP address is not mandatory to install an SSL/TLS Certificate.

Now, let’s look into the bigger picture, why some hosts still suggest that you must have a dedicated IP address before allowing you to install an SSL/TLS certificate.

But before we get into details, let’s understand what’s dedicated IP address.

What’s IP Address

Put simply, IP address (Internet Protocol Address), means the numerical address of a computer in the realms of the internet or a local network.

It’s similar to our home address, which is unique for everyone –every device has its unique IP address. For example, if you’re using a smartphone or computer, each will represent an IP address for that device, and in the same way, your website also has the unique IP address that tells the server where the website is hosted.

Furthermore, when it comes to the website, there are two different types of IP addresses – shared IP address & dedicated IP address.

A shared IP address means multiple users are allowed to host their website on the same server, or even your multiple websites are stored on the same server.
A dedicated IP address means each IP address is specifically dedicated to one particular website.

Also, people go with shared IP addresses due to its cost-effectiveness. But in some scenarios like a business website, where a massive chunk of data is dealt with daily basis, a dedicated IP address is also seen. And this is also one of the reasons why hosting companies tell the user to go with a dedicated IP address instead of a shared one.

Protection From Online Threats & Phishing Attacks

Phishing is one of the oldest scams which still linger on the internet. It’s a type of attack which dupes users into thinking they’re on the genuine website because of that they even end up submitting their login or other sensitive details like credit card number later on only to find they’ve become the victim. And, to avoid these types of scenarios, EV SSL/TLS certificate proves helpful.

EV SSL/TLS certificate is the certificate that isn’t easy to obtain. An applicant has to go through a very stringent verification process that verifies organization details, and even phone call verification is done, which makes it impossible for cyber crooks to obtain it. Other than that, it also provides visual indicators such as the name of the organization on clicking certificate details, which makes it easy for users to spot whether they’re on the right website or not.

Also, the research was done by Georgia Tech’s Cyber Forensics Innovation (CyFI) Lab on Extended Validated SSL/TLS Certificate. It concluded that 99.99% of the time, it’s not possible for cybercriminals to get EV SSL/TLS certificate by researching around 2.6 million domain names earlier from 2010.

Which One to Consider – Dedicated or Shared IP Address for an SSL/TLS Certificate

It’s one of the questions that has garnered many opinions. Some say dedicated the best to go with, and some say shared is not that bad either.

If you’ve asked this question some years back, the straight answer would’ve been a dedicated IP address without being questioned. But, thanks to the SNI (Server Name Indication) technology. Now, there’s the possibility to host more than one website on a single IP address.

In today’s date, usually, all the servers come along with the SNI technology, which makes it possible to host multiple SSL/TLS certificates for websites. So, if you’re out there who’s looking to host multiple SSL/TLS certificates for numerous websites on a single IP address, SNI will help to create a virtual host environment for the additional SSL equipped websites.

Things to Think About if You’re Not Using Dedicated IP Address

There are many reasons where it seems logical and even considerable for making use of SNI technology and host multiple websites and link them using a single IP address. Also, for a certain situation, it’s the best option, too. However, there are some things that you must consider before making use of SNI as a dedicated IP address has their own benefits also:

Increased Stability & Reliability of the Website

You may not be aware, but compared to the shared IP address, a dedicated IP address is more stable. It doesn’t depend upon anyone’s action. If you go for a dedicated IP address, the risk ratio of server downtime will be eliminated while keeping your IP address refreshed.

Old Browsers & Compatibility Issues

In today’s date, usually, this shouldn’t be an issue as today’s new-age browsers have to support for SNI. Even 2017’s report by Akami said that around 98% of HTTPS requests are by those browsers that have support for SNI. But, even if you have a little doubt about your user base using old browsers, then you must look into this point.

For instance, Internet Explorer on Windows XP and Android browsers on Android 1.x and 2.x don’t support SNI. And sadly, in today’s date, also at least 7% of market share has held on such old devices.

Slim Chance of Your IP Address Getting Blacklisted

Sharing an IP address with the wrong person can put you in a bad situation. For instance, if your IP address is shared with someone who’s in spam activity (Often happens when IPs are shared with people who email campaigns), then you may end-up by paying the price for someone else’s illicit activity. In other words, if the IP address gets blacklisted because of them, it’ll affect you either. And, dedicated IP address, is only dedicated to one website, it means you won’t have to worry about what others are up to.

Multi-Domain (SAN) SSL/TLS Certificate a Breeze

However, if you have more than one website and you would like to keep all of them on one single IP address, then one more thing you can consider is that going for Multi-domain SSL/TLS certificate. It allows their user to secure more than one website using one single SSL/TLS certificate, ultimately a cost-effective option as you won’t have to spend on SSL/TLS certificate for every available website.

Though, be careful that you haven’t already purchased any SSL/TLS certificate because the option of Multi-Domain SSL/TLS certificate will only be useful if you haven’t installed SSL/TLS certificate on any of the website. If you have, then you won’t be able to install SSL on that particular website or websites.

Shared IP Address Doesn’t Always Mean Shared Hosting

Another essential thing to note is that just because your website is using a shared IP address, it won’t necessarily mean that it also uses shared hosting. Shared hosting usually means sharing one single hardware and networking resources with more than one user on a single server, and it can include an IP address, but not all the time. Though many times both go hand in hand, it’s not always true.

Summary

If you have this question about whether to go for a dedicated IP address or not for SSL/TLS certificate, then hopefully, you might have got your answer. It’s not mandatory, but it would be an excellent option to go for if you think it’s a convenient option. And, lastly, if you want you can change your IP address if you wish to, even Fortune 500 companies had done it many times.

AboutSSL’s Best Stuff

