Issuing SSL Certificate on IP Addresses - is it possible?
Encrypted data transmission is now a standard on the World Wide Web. Hardly any website operates without an SSL certificate these days. Typically, certificates are issued for the respective domain. But is it possible to issue them for an IP address as well?
How an SSL Certificate Works
Strictly speaking, the SSL protocol is now outdated, and encryption today typically uses TLS. The differences between the two protocols (SSL/TLS) are detailed in a separate post. However, the term "SSL certificate" is still used because most internet users associate it with encryption.
The first step to installing an SSL certificate on a server is the certification request. This is also known as a Certificate Signing Request (CSR). It's a small file containing the necessary information for certificate creation.
In addition to the public key, this mainly includes various contact details used for applicant identification. Therefore, the CSR contains the following data records, among others:
- Common Name (CN) - the Fully Qualified Domain Name (FQDN) of the website to be encrypted
- Organization (O) - the name of the company or institution applying for the SSL certificate
- State (S) - the state or region of the applicant
- Country (C) - the country where the applicant is based
- the email address of the applicant
The CSR is sent to the Certification Authority (CA), which verifies the applicant's identity and issues the certificate if the information can be confirmed.
Subsequently, the applicant receives the SSL certificate, which is issued for the specific domain indicated in the Certificate Signing Request (CSR). Once installed on the server, the website can only be accessed via HTTPS.
With each request, the website now responds with the certificate including the public key. The corresponding browser then checks if it can trust the issuing CA and establishes the encrypted connection if everything is in order.
Can an SSL certificate be issued for an IP address?
The technical foundation for every domain is an IP address, which is resolved to a readable address by a DNS server.
Therefore, it is technically possible to request SSL encryption for an IP address. However, this is subject to certain conditions.
Through identity verification, the CA validates the trustworthiness of the applicant. It is common for the domain to also belong to the applicant. For example, a webshop will try to secure its own brand name. The IP address is less important to the shop owner, who entrusts the domain mapping to the hosting provider.
The problem is that the Certification Authority can then no longer uniquely identify the applicant. A WHOIS lookup of the IP address returns the contact details of the hosting provider in the above example, not those of the shop owner.
Therefore, it is essential that the IP address belongs to the applicant. Additionally, it must be public, as the CA otherwise cannot access it and thus cannot verify the owner's identity. It is also important to note that the IP address ranges 10.x.x.x and 192.168.x.x cannot be used as they are reserved for private networks.
If the above points are considered, an IP address can be specified in the CSR instead of an FQDN.
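As an added example (not part of the original article), the following Python sketch checks whether an address meets the "public, not private" condition and, if so, writes an OpenSSL request configuration that names the IP instead of an FQDN. It goes beyond the two ranges named above by also rejecting 172.16.x.x, loopback and link-local addresses; the function names, the sample organization and the sample address are assumptions, as is listing the IP in subjectAltName in addition to the Common Name.

```python
import ipaddress

def ip_cert_eligibility(value):
    """Return (ok, reason): can a public CA reach and validate this address?"""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return False, "not an IP address literal (use the FQDN instead)"
    if ip.is_loopback:
        return False, "loopback address"
    if ip.is_link_local:
        return False, "link-local address"
    if ip.is_multicast:
        return False, "multicast address"
    if ip.is_private:  # covers 10.x.x.x, 172.16-31.x.x, 192.168.x.x and others
        return False, "reserved for private networks or other special use"
    if not ip.is_global:
        return False, "not globally routable"
    return True, "public address"

def openssl_req_config(ip, organization, state, country):
    """Build an `openssl req -config` file naming the IP as certificate identity."""
    ok, reason = ip_cert_eligibility(ip)
    if not ok:
        raise ValueError(f"{ip}: {reason}")
    return "\n".join([
        "[req]",
        "prompt = no",
        "distinguished_name = dn",
        "req_extensions = ext",
        "",
        "[dn]",
        f"CN = {ip}",              # IP in place of the FQDN
        f"O = {organization}",
        f"ST = {state}",
        f"C = {country}",
        "",
        "[ext]",
        f"subjectAltName = IP:{ip}",  # assumption: IP also listed as a SAN entry
    ]) + "\n"

if __name__ == "__main__":
    # Constructed sample values; 8.8.8.8 is a well-known public address that
    # stands in for an address the applicant actually owns.
    for candidate in ("10.1.2.3", "192.168.0.5", "172.16.0.1", "www.example.com", "8.8.8.8"):
        print(candidate, ip_cert_eligibility(candidate))
    print(openssl_req_config("8.8.8.8", "Example Shop GmbH", "Bavaria", "DE"))
```

The generated text can be saved to a file (for example `req.cnf`, a hypothetical name) and passed to `openssl req -new -key server.key -config req.cnf -out server.csr` to produce the CSR.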
Image credit: Gerd Altmann on Pixabay