How do I assign additional IP addresses in RedHat/CentOS?

If you are using cPanel, you should add the IP addresses through WHM. Do not follow these instructions if you are using cPanel.

If you want to assign the addresses 3.2.1.1 – 3.2.1.20 to your server, you will need to create a RANGE file.

cd /etc/sysconfig/network-scripts
ls ifcfg-eth1-range*

If you already have a range file, you will need to create a new one for the new range of IPs you are adding, e.g. 'nano ifcfg-eth1-range1'. If you have one named range1, name the next range2, and so on.

nano ifcfg-eth1-range1

Place the following text in the file, substituting the start and end addresses of your own range:

IPADDR_START=192.168.0.10
IPADDR_END=192.168.0.110
CLONENUM_START=0

Note: CLONENUM_START defines the alias number at which the range starts. If this is the second range file, you will need to set CLONENUM_START to a value higher than the number of IP addresses already assigned. To check what you currently have in use, you can run 'ifconfig -a | grep eth1'. This will list devices such as eth1:0, eth1:1, eth1:2, and so on. If you are currently using up to eth1:16, you will need to set CLONENUM_START to 17 to assign the IPs correctly.
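The CLONENUM_START check described in the note can be scripted. The following is an added example, not part of the original instructions: the function names (next_clonenum, render_range, sample_aliases), the sample interface listing and the 192.168.1.x addresses are all constructed for illustration, and it assumes the start and end of a range differ only in the last octet.

```shell
#!/bin/sh
# Added example (not from the original page): pick CLONENUM_START for a new
# range file from the aliases already in use, and render the file contents.

# next_clonenum IFACE: reads `ifconfig -a` style text on stdin and prints the
# highest alias number found for IFACE plus one (0 when there are no aliases).
next_clonenum() {
    awk -v ifc="$1" '
        BEGIN { max = -1 }
        {
            # Device name is the first field: "eth1:16" or "eth1:16:".
            n = split($1, part, ":")
            if (n >= 2 && part[1] == ifc && part[2] ~ /^[0-9]+$/ &&
                part[2] + 0 > max)
                max = part[2] + 0
        }
        END { print max + 1 }'
}

# render_range START END CLONENUM: prints the range file body. Assumes START
# and END differ only in the last octet; returns 1 otherwise.
render_range() {
    start=$1 end=$2 clonenum=$3
    [ "${start%.*}" = "${end%.*}" ] || return 1
    [ "${start##*.}" -le "${end##*.}" ] || return 1
    printf 'IPADDR_START=%s\nIPADDR_END=%s\nCLONENUM_START=%s\n' \
        "$start" "$end" "$clonenum"
}

# Constructed sample of `ifconfig -a | grep eth1` output (aliases 0 to 16).
sample_aliases() {
    printf 'eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:01\n'
    i=0
    while [ "$i" -le 16 ]; do
        printf 'eth1:%s    Link encap:Ethernet  HWaddr 00:00:00:00:00:01\n' "$i"
        i=$((i + 1))
    done
}

# With aliases eth1:0 to eth1:16 in use, the new range starts at alias 17.
next=$(sample_aliases | next_clonenum eth1)
render_range 192.168.1.10 192.168.1.20 "$next"
```

On a real server, pipe 'ifconfig -a' into next_clonenum instead of sample_aliases. Unlike a plain grep for eth1, the exact match on the device name means aliases of eth10 and similar interfaces are not counted.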

Why do I need an owned IP for my own SSL certificate?

You must have your own dedicated IP address when you want to use your own SSL certificate (rather than the server-wide shared certificate) because of the way SSL and Apache (httpd) work.

For name-based web hosting (when many domains are on one IP), the web browser passes the name of the domain being requested inside the HTTP headers along with the request. This way, Apache knows which domain you are trying to access even though there are many domains on that one IP address.

When you do the same thing through an SSL connection, the connection has to be made *before* the request can be sent, and the certificate is passed while this connection is being set up. The only information that Apache has before the request is made is which IP the connection is being made to. It has to know which certificate to send before the request is made, so you can't use multiple certificates on the same IP (if you do, Apache will use the first certificate listed, which DA will always set to the server shared certificate for shared IPs).

If you want to use your own certificate, it must be the first certificate listed. This wouldn't work for a shared IP, because there would be multiple domains wanting this status, and the first certificate would be the one shown. For this reason the shared certificate is always used on a shared IP. For your certificate, DA will acknowledge the IP as being 'owned' and will remove the server shared certificate as the first cert to be loaded, so your certificate will be loaded instead.