0

Since Google is using HTTPS/SSL I am unable to access it using the IP of Google.com and passing the Host header. I don't understand why this is not working.

Here is what I have tried so far.

  1. I got the IP of Google.com

     ```
     tracert google.com
     Tracing route to google.com [216.58.207.238]
     ```

  2. Next I tried to connect using the IP with Host header

     ```
     $ curl -H "Host: google.com" https://216.58.207.238
     ```

     I got an error:

     ```
     curl: (51) SSL: certificate subject name '*.google.com' does not match target host name '216.58.207.238'
     ```

  3. Next I tried this

     ```
     $ curl https://216.58.207.238 --resolve "google.com:443:216.58.207.238" -H "Host: google.com"
     ```

But I got the same error message. So is it really not possible at all to open google.com by using the IP address?

Liga

1 Answer

1

Certain fields in the presented certificate should match the name or address you are connecting to; otherwise the certificate will be declared "fake" and the client should drop the connection. That is what your curl does.

If you connect by domain name, that name should match a "cname" field in the certificate, or be listed in the "subjectAltName" DNS subfields of the server certificate.

If you connect by specifying a raw IP address, that IP address should be listed in the "subjectAltName" IP subfields of the certificate.

As you can easily check, Google did not specify any IP addresses in the SAN field of their certificate, so yes, they don't expect anybody to connect to them using a direct IP address. They only expect you'll use host names.

You may disable certificate checking in curl by using `--insecure`, but you know, that will render HTTPS useless.

See also a related question on Security and RFC 5280.

Nikita Kipriyanov
  • Thanks, that makes sense now why I wasn't able to connect using an IP – Liga Nov 21 '19 at 13:52
  • It's funny. Your second sentence directly contradicts the first one. The reason has been explained and you've also given your thanks. – Lethargos Aug 24 '23 at 22:20
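
The check discussed in the answer, as an added example that is not part of the question, the answer or curl's own code: the name being verified is taken from the URL (never from the `Host` header), and an IP target is compared only against IP entries in `subjectAltName`. The certificate dict is a constructed sample in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample (assumption): SAN values are illustrative only,
# not copied from Google's real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.google.com"),),),
    "subjectAltName": (("DNS", "*.google.com"), ("DNS", "google.com")),
}


def reference_identity(url):
    """Return the name the client verifies: the host part of the URL."""
    return urlsplit(url).hostname


def _dns_match(pattern, host):
    """Exact match, or a left-most '*' that covers exactly one label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def cert_matches(cert, target):
    """Compare target against SAN entries of the matching type only."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # A raw IP is never compared with DNS names or wildcards.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in san)
    return any(kind == "DNS" and _dns_match(value, target)
               for kind, value in san)


def url_verifies(url, cert):
    """True when the certificate is acceptable for the host in the URL."""
    return cert_matches(cert, reference_identity(url))


if __name__ == "__main__":
    for url in ("https://216.58.207.238", "https://google.com"):
        print(url, "->", "ok" if url_verifies(url, SAMPLE_CERT) else "mismatch")
```

Both curl attempts in the question put the IP in the URL, so the reference identity is `216.58.207.238` regardless of `-H "Host: ..."` or `--resolve`; `--resolve` only applies when the URL itself names `google.com`, in which case the certificate is checked against that name while the connection goes to the pinned address.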