Pesquisar no site de suporte

Evite golpes de suporte. Nunca pedimos que você ligue ou envie uma mensagem de texto para um número de telefone, ou compartilhe informações pessoais. Denuncie atividades suspeitas usando a opção “Denunciar abuso”.

Saiba mais

Esta discussão foi arquivada. Faça uma nova pergunta se precisa de ajuda.

My SSL-secured website gets warning "connection not secure" when I access the site by IP:443

more options

When I access my own development website by domain name (with SSL signed by Digicert), it's fine, I see the lock symbol in FF. When I access it by typing https://[IP address]:443 , I get the "not secure" warning. The IP address has a valid reverse DNS that points to the domain name, which in turn has the valid SSL cert. The domain's A Record also points back to the same IP address. I'm curious why does Firefox do this, and is there anything I can do in my DNS settings to remove the warning for other users -- without changing FF settings? Thanks.

When I access my own development website by domain name (with SSL signed by Digicert), it's fine, I see the lock symbol in FF. When I access it by typing https://[IP address]:443 , I get the "not secure" warning. The IP address has a valid reverse DNS that points to the domain name, which in turn has the valid SSL cert. The domain's A Record also points back to the same IP address. I'm curious why does Firefox do this, and is there anything I can do in my DNS settings to remove the warning for other users -- without changing FF settings? Thanks.

Todas as respostas (5)

more options

Firefox looks at the Common Name and Subject Alt Name fields in the certificate. Do other browsers work differently in this regard?

more options

Thank you jscher! That is very helpful info. Question, does FF actually look up the reverse DNS to find the certificate, or does it just automatically flag hard IP addresses in the address bar as suspect? Sorry if I'm a bit of a noob with SSL tech.

more options

I'm pretty sure the first step is for the host name to be in the certificate presented by the host, so we're not getting past first base.

more options

Maybe I'm missing something, but in my original question, I state that it's all fine (the lock symbol) when using the domain name in the address bar. Meaning, my domain name IS the "common name" in the cert. BUT, additionally, perhaps from what you said, I could put the *IP address* in the cert as a Subject Alternative Name, then I could access the site with "https://[ip address]:443" and see the nice lock symbol? (Of course, if I want to move to another IP address, I would have to change the cert as well. I understand this goal is not anything a "normal" website would need, but I just want to understand how the warnings work. Thank you for your time!)

more options

I don't have any experience with SSL certs for IP addresses, but you could check with your cert supplier.