===== Question "IP address not accepted by Gandi.", by S. L. =====

Hi,



I tried to put IP in Common Name, using your ssl certificate activation url:

https://www.gandi.net/admin/ssl/activate-certi



Error:

Invalid CSR (invalid value for FQDN [206.248.171.233])



Could you tell me how I can use one certificate for multiple servers?



Please reply to my email. I'm user SL567-GANDI.





===== Answer, by Joshua B. =====

The **common name** must match the hostname/servername of your server.

**FQDN** is a Fully Qualified Domain Name, which means you can't use an IP.

A common name of "sub.domain.com" would only be correct if someone went to "sub.domain.com"
A common name of "mail.domain.com" would only be correct if someone went to "mail.domain.com"

While could could use a common name of "sub.domain.com" for "mail.domain.com" and have an encrypted connection, most browsers would flag the certificate as "suspicious" and try to convince you it is not encrypted and the world will end, usually with big red icons and/or popup boxes.

An SSL certificate only proves who you are communicating with. A self signed certificate or a certificate with the wrong common name will still provide a secure connection as long as no one else has access to the private key.

To use a certificate for multiple subdomains you can use a wildcard character (*) at the start of the common name. "*.domain.com" should work for all subdomains of "domain.com".

A domain name is just a name that points to an IP address and has no real effect on the SSL certificate.

If that single entry IP is a load balancer balancing 100 servers then you just need to install the certificate on all 100 servers and have them all configured correctly and the certificate will secure all 100 servers.

If you have "www.domain.com" and "admin.domain.com" pointing to different IP addresses then a wildcard certificate will secure both if they both have the certificate and are configured correctly.

I hope this helps.