Can SSL Certificate be by IP instead of Domain?

Asked

Viewed 504 times

0

I am developing a php/javascript application that makes use of the camera via browser to read barcode, in the tests I did locally works well, when I put online it does not open the camera and nor ask to open, I agree that it is for security reasons, well I would like to get around this situation even if I had to ask the user’s permission... because he will be instructed to do so.

I came up with the idea of testing on a server with https that I have, to my surprise it worked, IE the problem is access on sites without https

You can install a valid certificate on a particular server?

That is to be accessed by an IP and not a domain

The code to access the camera is this:

Quaggajs An Advanced Barcode-scanner Written in Javascript

ps. There is already question regarding https on localhost and even I already make use of it, but my case is an IP (xxx.xxx.xxx.xxx) on the web and not a domain (www.dominio.com.br)

1 answer

1

Yes, it is possible. Create a certificate that has the IP address set in the [Subject Alternative Name] attribute (SAN)1.

Note that you can add more than one SAN.

In the ideal world, all Sans and Common Name must be compared to the domain of the accessed host. More current versions of the most common browsers already do this.

Technical information about the operation of Subject Alternative Name are RFC5280 (in English), for example:

When the subjectAltName Extension contains an ipaddress, the address
MUST be stored in the octet string in "network byte order", as specified in [RFC791].

Browser other questions tagged

You are not signed in. Login or sign up in order to post.