Hi,
In a web application, if it doesn't have a domain name (like a web service for example), can you still add a SSL certificate to a IP address?
If yes, how?
A:
There's some good information here: https://www.thawte.com/ssl-digital-certificates/technical-support/browserfaqs.html
I'm almost certain you need a domain to go with the SSL.
Dar
2008-11-21 20:13:53
you may be certain, but you are wrong
hop
2008-11-21 20:47:29
+2
A:
EDIT
You can. From a purely yes/no perspective, as Hop correctly notes, you can. However should you might be a better question. Or if you are self signing.
The correct answer was first provided by Hop
Original:
You purchase them by domain name only. There is a difference even between www.site.com and site.com
I know you can get wildcard certs, and of course you can generate your own, but purchasing them to use on a public web it is by domain name only.
Could your webservice be a subdomain of another domain? Ex: server.site.com. Then you can certainly put a SLL cert on that.
MrChrister
2008-11-21 20:14:30
Is it wrong, or unclear. Will a SSL provider actually sell you a cert to an IP address? You can make your own, but will Comodo or Verisign or somebody do that? I didn't want to make an account and check.I will edit or delete it if I am wrong.
MrChrister
2008-11-21 20:54:45
Comodo said "You will be issued with a certificate that will also secure www.208.109.181.103 in addition to 208.109.181.103"Naturally I didn't finish checkout. Is that bad error checking or would they sell me that?
MrChrister
2008-11-21 20:59:48
yes, there are at least some providers that will allow at least private ip addresses. globalsign, for example -- just to name one. also: the OP has not stated whether he's using self-signed certificates, in which case this wouldn't even matter
hop
2008-11-21 21:01:26
bad error checking. but it doesn't matter, since www.208.109.181.103 shouldn't ever resolve to a valid ip.
hop
2008-11-21 21:02:27
+3
A:
You can easily put an ip address into the CN (common name) of an ssl certificate by the same procedure you would use for an ordinary hostname (ssl certificates contain hostnames, not domain names).
How this is done precisely in your case cannot be answered, since you have not stated what your case is.
Browsers should match the CN of a certificate against what the user has put into the URL bar. If it's an ip address, it's an ip address.
hop
2008-11-21 20:50:11
A:
This site offers certificates for IP addresses. You wouldn't be able to (properly) use a certificate for a domain name for an IP address, however.
Garret Heaton
2009-11-05 01:18:06