搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

My SSL-secured website gets warning "connection not secure" when I access the site by IP:443

more options

When I access my own development website by domain name (with SSL signed by Digicert), it's fine, I see the lock symbol in FF. When I access it by typing https://[IP address]:443 , I get the "not secure" warning. The IP address has a valid reverse DNS that points to the domain name, which in turn has the valid SSL cert. The domain's A Record also points back to the same IP address. I'm curious why does Firefox do this, and is there anything I can do in my DNS settings to remove the warning for other users -- without changing FF settings? Thanks.

When I access my own development website by domain name (with SSL signed by Digicert), it's fine, I see the lock symbol in FF. When I access it by typing https://[IP address]:443 , I get the "not secure" warning. The IP address has a valid reverse DNS that points to the domain name, which in turn has the valid SSL cert. The domain's A Record also points back to the same IP address. I'm curious why does Firefox do this, and is there anything I can do in my DNS settings to remove the warning for other users -- without changing FF settings? Thanks.

所有回覆 (5)

more options

Firefox looks at the Common Name and Subject Alt Name fields in the certificate. Do other browsers work differently in this regard?

more options

Thank you jscher! That is very helpful info. Question, does FF actually look up the reverse DNS to find the certificate, or does it just automatically flag hard IP addresses in the address bar as suspect? Sorry if I'm a bit of a noob with SSL tech.

more options

I'm pretty sure the first step is for the host name to be in the certificate presented by the host, so we're not getting past first base.

more options

Maybe I'm missing something, but in my original question, I state that it's all fine (the lock symbol) when using the domain name in the address bar. Meaning, my domain name IS the "common name" in the cert. BUT, additionally, perhaps from what you said, I could put the *IP address* in the cert as a Subject Alternative Name, then I could access the site with "https://[ip address]:443" and see the nice lock symbol? (Of course, if I want to move to another IP address, I would have to change the cert as well. I understand this goal is not anything a "normal" website would need, but I just want to understand how the warnings work. Thank you for your time!)

more options

I don't have any experience with SSL certs for IP addresses, but you could check with your cert supplier.