My SSL-secured website gets warning "connection not secure" when I access the site by IP:443
When I access my own development website by domain name (with SSL signed by Digicert), it's fine, I see the lock symbol in FF. When I access it by typing https://[IP address]:443 , I get the "not secure" warning. The IP address has a valid reverse DNS that points to the domain name, which in turn has the valid SSL cert. The domain's A Record also points back to the same IP address. I'm curious why does Firefox do this, and is there anything I can do in my DNS settings to remove the warning for other users -- without changing FF settings? Thanks.
All Replies (5)
Firefox looks at the Common Name and Subject Alt Name fields in the certificate. Do other browsers work differently in this regard?
Thank you jscher! That is very helpful info. Question, does FF actually look up the reverse DNS to find the certificate, or does it just automatically flag hard IP addresses in the address bar as suspect? Sorry if I'm a bit of a noob with SSL tech.
I'm pretty sure the first step is for the host name to be in the certificate presented by the host, so we're not getting past first base.
Maybe I'm missing something, but in my original question, I state that it's all fine (the lock symbol) when using the domain name in the address bar. Meaning, my domain name IS the "common name" in the cert. BUT, additionally, perhaps from what you said, I could put the *IP address* in the cert as a Subject Alternative Name, then I could access the site with "https://[ip address]:443" and see the nice lock symbol? (Of course, if I want to move to another IP address, I would have to change the cert as well. I understand this goal is not anything a "normal" website would need, but I just want to understand how the warnings work. Thank you for your time!)
I don't have any experience with SSL certs for IP addresses, but you could check with your cert supplier.