Issuance of SSL/TLS Certificate for an IP Address
SSL/TLS Certificate Can Be Issued for an IP Address, but Some Conditions Are Applied
It’s quite common, and also most of the non-techy guys are aware that the site requires SSL/TLS certificate, especially the ones who have their website. In other words, most people believe that SSL/TLS certificate is issued for an FQDN (Fully Qualified Domain Name) like, http://aboutssl.org/.
However, many might not know, or those who have technical background might question whether it’s possible to get an SSL Certificate for an IP Address.
Theoretically, it’s possible to get an SSL/TLS certificate for an IP Address. But, if you want an SSL/TLS certificate from a trusted certificate authority, then there’s a condition that your IP address must be public, and you’ve to prove ownership of that IP address because reserved or private IP addresses doesn’t work. Also, all public CAs doesn’t offer an SSL certificate for an IP address, like Let’s Encrypt only offers for FQDN and not IP address.
However, to get an SSL certificate for an IP address, certain conditions are there. But, before we get into it further, let’s first understand what’s an IP Address SSL Certificate is.
What’s an IP Address SSL/TLS Certificate
Usually, the SSL certificate is issued to an FQDN (Fully Qualified Domain Name), and some organization is responsible for protecting an IP address. However, here an SSL certificate is issued for an IP address, and it’s used for securing connection that takes place or submitted directly via IP address.
Rules to Get an SSL/TLS Certificate for IP Address
- SSL/TLS certificate can be issued only for the publicly available IP Addresses.
- The IP address for which SSL certificate is requested must be owned and exclusively assigned to an organization and not to any web hosting company.
- Certificate Authority must be able to perform verification of the owner of that IP address in an IP WHOIS lookup. IP WHOIS lookup must include information like organization name, phone number, physical address, and email address.
- Only, Organization Validated (OV) SSL/TLS certificates will be offered and not any other Though, OV SSL Certificate for both Single and Multi-Domain can be used. And, you’ll even be allowed to write an IP address in field CN (Common Name) and SAN (Subject Alternative Name), if you’ve chosen to go with multi-domain SSL certificate.
- DV (Domain Validated) is not allowed, because it can create security threats as IP-addresses can be non-unique. And EV (Extended Validated) SSL/TLS Certificate is not issued for an IP address because of the high-security risks.
- It’s not possible to issue an SSL/TLS certificate for the Intranet that has Internal Server Name. This non-public domain name is suffixed with the local server name, private IP addresses like IPv4 and IPv6, Reserved IP addresses.
- Mostly, the entire Windows version supports the SSL, which is for the IP address as the CN (Common Name). However, Windows 8.1 and it’s prior won’t support the SSL certificate, which is specified for IP address as SAN (Subject Alternative Name). To put simply,
- Windows 10 supports both – Common Name (CN) as well as Subject Alternative Name (SAN)
- Windows 8.1 and prior supports Common Name (CN) and does not support Subject Alternative Name (SAN).
Here’s When SSL/TLS Certificate for IP Address Can Be Considered
Usually, it’s suggested to get an FQDN (domain name) and get an SSL/TLS certificate issued on that CN. But, certain situations occur where SSL/TLS certificates for a public IP address as the CN can prove beneficial. For instance, many ISPs (Internet Service Providers) and Government blocks unwanted websites based upon DNS infrastructure.
Also, if you’re providing a site that can get blocked, for instance, due to political reasons, it’s suggested to have that site being accessed via its public IP address. Moreover, you’ll also be able to provide encrypted traffic for the users with the help of respected certificate authorities without making your non-tech users going through hassles of clicking security warning messages of the browser.
Is It Possible to Get an SSL/TLS Certificate for Private IP Address?
No, it’s not possible to get an SSL certificate for the private IP address from a third-party trusted certificate authority like Sectigo. The reason is that from 2016 onwards CA/Browser Forum made it invalid for private IP/reserved IP and local server name along with a non-public domain name suffix. And it also asked all the respected certificate authorities to revoke all the SSL certificates if it has been issued.
However, there’s one way to get an SSL/TLS certificate for private IPs and intranet addresses and its self-signed SSL/TLS certificate, which is not recommended due to its security issues. So, if you’re very sure that it’ll only be used for an internal purpose, then you can consider about self-signed SSL certificate or else it’s best to purchase.
SSL/TLS Certificate for Public IP Addresses
Many publicly recognized Certificate Authorities are available, but not all of them offer SSL/TLS certificate for IP addresses. However, here are some of the SSL/TLS certificates, which can be used for securing public IP addresses.
1. Comodo InstantSSL (OV)
Comodo Instant SSL Certificate is the organization validated SSL/TLS certificate provided by the respected certificate authority Comodo that helps to encrypt the critical information of the organization that is shared among browser and server.
Moreover, it’s the cost-effective and high assurance SSL certificate that will offer a secure environment for the website users. Also, some of the features are like SHA 256-bit encryption, 99.9% browser compatibility, free PCI scanning, daily website vulnerability scanning, and much more.
2. Sectigo InstantSSL Premium
Sectigo InstantSSL Premium is a high-end and cost-effective OV SSL/TLS certificate. It comes with a massive warranty amount of $250,000 to cover up your organization from the loss if it ever happens. Beyond that, it offers impeccable security features like strong encryption standard, 99.9% browser & mobile compatibility, recognizable and trustworthy Sectigo Secure site seal to instill trust in users, and much more.
3. Comodo Multi-Domain SSL
Comodo Multi-Domain SSL allows you to secure more than two to 2000 domains, including both FQDN and IP addresses using this one single certificate. So, if you’re looking to secure and manage more than one website or public IP address, this featured-rich SSL/TLS certificate will be one of the best options.
4. GeoTrust True BusinessID
GeoTrust True BusinessID SSL/TLS certificate is one of the trusted and cost-effective SSL/TLS certificate preferred by many users. It comes with a strong encryption standard, along with many trust indicators. If you’re a small or medium-sized business looking for encrypting website or an IP address, this can prove to be a good option.
5. Comodo EnterpriseSSL
As the name implies, Comodo Enterprise SSL is an SSL/TLS certificate that helps achieve enterprise-level protection for a website or a public IP address, whichever you wish to secure. It provides standard 256-bit symmetric encryption strength, generous $1.5-million warranty, trusted site seal to boost user’s confidence, free PCI scanning with HackerGuardian as add-ons, Elliptic Curve cryptography, and much more.
The Best SSL Certificates to Secure an IP Address
| Certificate Name | Domain Secured | Warranty | Price | |
|---|---|---|---|---|
| Comodo InstantSSL (OV) | Single | $50K | $27.44/yr | Get it Now |
| Sectigo InstantSSL Premium | Single | $250K | $60.61/yr | Get it Now |
| Comodo Multi-Domain SSL | Multiple | $250K | $116.82/yr | Get it Now |
| GeoTrust True BusinessID SSL | Single | $1,250K | $87.00/yr | Get it Now |
| Comodo EnterpriseSSL | Single | $1,500K | $234.42/yr | Get it Now |
Summary
SSL/TLS Certificate is not widely used for securing IP address, but some of the situations do arise where it becomes useful. As discussed above, some websites that can get blocked by the Government or the ISP for that instead of using FQDN, the public IP address can be the best option. And, in today’s date, if you try to access any website regardless of the public IP address or FQDN, you’ll face warning message, and at worse, it may even be blocked from being loaded.
So, for avoiding such situations, the SSL/TLS certificate is necessary. If you’re using a public IP address instead of FQDN, then it becomes a necessity that you must be a recognized organization with the registered business name. And this is the only reason why only OV SSL/TLS certificates, as mentioned above, are offered.