Issuance of SSL/TLS Certificate for an IP Address
SSL/TLS Certificate Can Be Issued for an IP Address, but Some Conditions Are Applied
However, many might not know, or those who have technical background might question whether it’s possible to get an SSL Certificate for an IP Address.
However, to get an SSL certificate for an IP address, certain conditions are there. But, before we get into it further, let’s first understand what’s an IP Address SSL Certificate is.
What’s an IP Address SSL/TLS Certificate
Rules to Get an SSL/TLS Certificate for IP Address
- SSL/TLS certificate can be issued only for the publicly available IP Addresses.
- The IP address for which SSL certificate is requested must be owned and exclusively assigned to an organization and not to any web hosting company.
- Certificate Authority must be able to perform verification of the owner of that IP address in an IP WHOIS lookup. IP WHOIS lookup must include information like organization name, phone number, physical address, and email address.
- Only, Organization Validated (OV) SSL/TLS certificates will be offered and not any other Though, OV SSL Certificate for both Single and Multi-Domain can be used. And, you’ll even be allowed to write an IP address in field CN (Common Name) and SAN (Subject Alternative Name), if you’ve chosen to go with multi-domain SSL certificate.
- DV (Domain Validated) is not allowed, because it can create security threats as IP-addresses can be non-unique. And EV (Extended Validated) SSL/TLS Certificate is not issued for an IP address because of the high-security risks.
- It’s not possible to issue an SSL/TLS certificate for the Intranet that has Internal Server Name. This non-public domain name is suffixed with the local server name, private IP addresses like IPv4 and IPv6, Reserved IP addresses.
- Mostly, the entire Windows version supports the SSL, which is for the IP address as the CN (Common Name). However, Windows 8.1 and it’s prior won’t support the SSL certificate, which is specified for IP address as SAN (Subject Alternative Name). To put simply,
- Windows 10 supports both – Common Name (CN) as well as Subject Alternative Name (SAN)
- Windows 8.1 and prior supports Common Name (CN) and does not support Subject Alternative Name (SAN).
Here’s When SSL/TLS Certificate for IP Address Can Be Considered
Also, if you’re providing a site that can get blocked, for instance, due to political reasons, it’s suggested to have that site being accessed via its public IP address. Moreover, you’ll also be able to provide encrypted traffic for the users with the help of respected certificate authorities without making your non-tech users going through hassles of clicking security warning messages of the browser.
Is It Possible to Get an SSL/TLS Certificate for Private IP Address?
However, there’s one way to get an SSL/TLS certificate for private IPs and intranet addresses and its self-signed SSL/TLS certificate, which is not recommended due to its security issues. So, if you’re very sure that it’ll only be used for an internal purpose, then you can consider about self-signed SSL certificate or else it’s best to purchase.
SSL/TLS Certificate for Public IP Addresses
1. Comodo InstantSSL (OV)
Moreover, it’s the cost-effective and high assurance SSL certificate that will offer a secure environment for the website users. Also, some of the features are like SHA 256-bit encryption, 99.9% browser compatibility, free PCI scanning, daily website vulnerability scanning, and much more.
2. Sectigo InstantSSL Premium
3. Comodo Multi-Domain SSL
4. GeoTrust True BusinessID
5. Comodo EnterpriseSSL
The Best SSL Certificates to Secure an IP Address
|Certificate Name||Domain Secured||Warranty||Price|
|Comodo InstantSSL (OV)||Single||$50K||$27.44/yr||Get it Now|
|Sectigo InstantSSL Premium||Single||$250K||$60.61/yr||Get it Now|
|Comodo Multi-Domain SSL||Multiple||$250K||$116.82/yr||Get it Now|
|GeoTrust True BusinessID SSL||Single||$1,250K||$87.00/yr||Get it Now|
|Comodo EnterpriseSSL||Single||$1,500K||$234.42/yr||Get it Now|
So, for avoiding such situations, the SSL/TLS certificate is necessary. If you’re using a public IP address instead of FQDN, then it becomes a necessity that you must be a recognized organization with the registered business name. And this is the only reason why only OV SSL/TLS certificates, as mentioned above, are offered.