Is it possible to have SSL certificate for IP address, not domain name?

后端未结

关注

 7  1827

南旧 2020-11-22 15:53

I want my site to use URLs like http://192.0.2.2/... and https://192.0.2.2/... for static content to avoid unnecessary cookies in request AND avoid

7条回答

孤街浪徒 (楼主)

2020-11-22 16:41
The short answer is yes, as long as it is a public IP address.

Issuance of certificates to reserved IP addresses is not allowed, and all certificates previously issued to reserved IP addresses were revoked as of 1 October 2016.

According to the CA Browser forum, there may be compatibility issues with certificates for IP addresses unless the IP address is in both the commonName and subjectAltName fields. This is due to legacy SSL implementations which are not aligned with RFC 5280, notably, Windows OS prior to Windows 10.

Sources:
1. Guidance on IP Addresses In Certificates CA Browser Forum
2. Baseline Requirements 1.4.1 CA Browser Forum
3. The (soon to be) not-so Common Name unmitigatedrisk.com
4. RFC 5280 IETF
_{Note: an earlier version of this answer stated that all IP address certificates would be revoked on 1 October 2016. Thanks to Navin for pointing out the error.}
0 讨论(0)

查看其它7个回答
发布评论:

提交评论
- 加载中...