13

I have my application hosted in the cloud and while demoing to prospective clients, I would like to make sure that my browser doesn't complain due to the lack of trust. So I want to generate a self-signed certificate that is bound to an IP address.

All of the online resources that I have read only talk about generating the certificate bound to the domain.

acthota

2 Answers

7

It doesn't matter if your subject is a name or an IP, the way you need to fix the cert being untrusted is the same: trust the self-signed cert on the local system.

If for some reason you need to use an IP instead of a name (hosts file?), then set up a subject alternative name with the IP address, like IP:192.0.2.1.

Shane Madden
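
The subject alternative name suggestion above, as an added example that is not part of either answer: it builds one self-signed certificate with the IP only in the CN and one with an `IP:192.0.2.1` SAN, then checks each against the address. It assumes `openssl` is available and uses it in place of `keytool`; the function and file names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original answers. 192.0.2.1 is the documentation
# address used in the answer above; all file and function names are illustrative.

# make_cert PREFIX CN [SAN] -> writes PREFIX.key and PREFIX.crt (self-signed)
make_cert() {
    prefix=$1; cn=$2; san=${3:-}
    cnf="$prefix.cnf"
    {
        printf '[req]\ndistinguished_name = dn\nprompt = no\nx509_extensions = ext\n'
        printf '[dn]\nCN = %s\n' "$cn"
        printf '[ext]\nsubjectKeyIdentifier = hash\n'
        # The SAN entry is what gets compared with the address the client dialled.
        if [ -n "$san" ]; then
            printf 'subjectAltName = %s\n' "$san"
        fi
    } > "$cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 360 -sha256 \
        -config "$cnf" -keyout "$prefix.key" -out "$prefix.crt" 2>/dev/null
}

# cert_matches_ip CRT IP -> exit status 0 only if the certificate covers that IP.
# openssl's -checkip looks at iPAddress SAN entries; it does not fall back to the CN.
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

demo_dir=$(mktemp -d)
make_cert "$demo_dir/cn_only" 192.0.2.1                  # IP appears in the subject only
make_cert "$demo_dir/san"     192.0.2.1 IP:192.0.2.1     # IP also listed as a SAN

for c in cn_only san; do
    if cert_matches_ip "$demo_dir/$c.crt" 192.0.2.1; then
        result="matches"
    else
        result="does NOT match"
    fi
    echo "$c.crt $result 192.0.2.1"
done
```

Either certificate still has to be added to the local trust store, as the answer says; the SAN only settles whether the name check passes.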
3

[Reposting my comment as the answer]

I have realized that an SSL certificate for a public IP address is not that good an idea from the answers to the related question (linked to this question) by @MadHatter.

I have decided to use an SSL cert bound to a domain name and use the hosts file for the DNS resolution for the testing and demo purposes.

I have generated a self-signed certificate using the command =>

keytool -genkey -keyalg RSA -alias selfsigned -keystore demo1keystore.jks -storepass mykeystore@789 -validity 360 -keysize 2048

To add to the trust store read by Chrome => I have followed the instructions from this link

I have tested all this to understand what works in practice.

Tried with a

  • Self-signed certificate bound to a domain name and tested SSL connectivity with Chrome and Firefox and a Jetty Server. Things worked fine.
  • Self-signed certificate bound to an IP address and tested SSL connectivity with Chrome and Firefox and a Jetty Server. The Chrome Browser failed to trust the certificate.

If anyone else has a different perspective about this, please reply as a comment. Accepting this as answer.

acthota