1

When I'm accessing any host via IP address, it is showing SSL error.

Example.com => 192.168.1.1 (IP address)

Suppose if I want to access https://example.com, it works fine. If on the other hand, accessing the hosts by its IP address like https://192.168.1.1, it shows SSL Error.

Is there any configuration missing here. Do I need to add the IP address in SAN configuration?

Amin.MasterkinG
  • 805
  • 1
  • 12
  • 23
Aditya Bali
  • 13
  • 3

1 Answers1

0

If you want to access a web site by IP address you need to first configure your web server to actually provide this web site on this IP address and then you have to include the IP address as SAN into the certificate served at this IP address. Note that there are different types of SAN: DNSName and IPAddress. The correct type would be IPAddress but some clients actually wrongly expect type DNSName - so you better add the IP address with both SAN types.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • Thanks, but suppose if I don't want to add IP address to SAN. Will it be possible for an attacker to conduct the man in the middle attack? – Aditya Bali Jun 08 '19 at 21:02
  • 2
    @AdityaBali: If you don't add the IP to the SAN then you will face an SSL error. The same kind of error you'll face if a man in the middle attack is going on. Most users will not be able to distinguish if this as error which can be ignored or if this is an error which is caused by an attack. – Steffen Ullrich Jun 08 '19 at 21:07