@ikusalic

> Also, why do they have "You also need to have a dedicated IP address" in the requirements? Is this used somewhere in the validation process? I'm asking because the website runs on top of AWS S3, so I do not have dedicated IPs.

The reason is because in the past browsers did not support name based virtual hosts for SSL and required a dedicated IP to negotiate the initial connection. Wikipedia gives a decent overview on SNI. [1]

Amazon CloudFront supports SNI (SSL named virtual hosts) since last March [2]...I don't know if there are costs involved on the AWS side.

According to Qualys, the users of the following clients would not be able to negotiate a connection to your site if you don't have a dedicated IP and use SNI instead:

- Android 2.3.7
- BingBot Dec 2013
- IE 6 / XP
- IE 8 / XP
- Java 6u45
- Yahoo Slurp Jun 2014

Implementation notes for the more popular web servers for posterity or in case you migrate from AWS:

- Apache https://wiki.apache.org/httpd/NameBasedSSLVHosts
- Nginx.org links to https://www.howtoforge.com/how-to-set-up-ssl-vhosts-under-ng...

I know Digital Ocean/Linode/Rackspace also offer some really good resources too aside from the SSL provider docs.

I've been extremely pleased with the certs/support Namecheap resells over the past 7 years. And they do include the bare domain in the SAN automatically--it has been included for all certificates I've ever purchased.

Hope this helps!

[1] http://en.wikipedia.org/wiki/Server_Name_Indication

[2] http://aws.amazon.com/about-aws/whats-new/2014/03/05/amazon-...