We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Ky sajt do të funksionojë me kufizime, teksa bëjmë mirëmbajtjen e tij për të përmirësuar punën tuaj. Nëse një artikull nuk e zgjidh problemin tuaj dhe dëshironi të bëni një pyetje, kemi bashkësinë tonë të asistencës, e gatshme për t’ju ndihmuar, te @FirefoxSupport në Twitter dhe/r/firefox në Reddit.

Kërkoni te Asistenca

Shmangni karremëzime gjoja asistence. S’do t’ju kërkojmë kurrë të bëni një thirrje apo të dërgoni tekst te një numër telefoni, apo të na jepni të dhëna personale. Ju lutemi, raportoni veprimtari të dyshimtë duke përdorur mundësinë “Raportoni Abuzim”.

Mësoni Më Tepër

My SSL-secured website gets warning "connection not secure" when I access the site by IP:443

more options

When I access my own development website by domain name (with SSL signed by Digicert), it's fine, I see the lock symbol in FF. When I access it by typing https://[IP address]:443 , I get the "not secure" warning. The IP address has a valid reverse DNS that points to the domain name, which in turn has the valid SSL cert. The domain's A Record also points back to the same IP address. I'm curious why does Firefox do this, and is there anything I can do in my DNS settings to remove the warning for other users -- without changing FF settings? Thanks.

When I access my own development website by domain name (with SSL signed by Digicert), it's fine, I see the lock symbol in FF. When I access it by typing https://[IP address]:443 , I get the "not secure" warning. The IP address has a valid reverse DNS that points to the domain name, which in turn has the valid SSL cert. The domain's A Record also points back to the same IP address. I'm curious why does Firefox do this, and is there anything I can do in my DNS settings to remove the warning for other users -- without changing FF settings? Thanks.

Krejt Përgjigjet (5)

more options

Firefox looks at the Common Name and Subject Alt Name fields in the certificate. Do other browsers work differently in this regard?

more options

Thank you jscher! That is very helpful info. Question, does FF actually look up the reverse DNS to find the certificate, or does it just automatically flag hard IP addresses in the address bar as suspect? Sorry if I'm a bit of a noob with SSL tech.

more options

I'm pretty sure the first step is for the host name to be in the certificate presented by the host, so we're not getting past first base.

more options

Maybe I'm missing something, but in my original question, I state that it's all fine (the lock symbol) when using the domain name in the address bar. Meaning, my domain name IS the "common name" in the cert. BUT, additionally, perhaps from what you said, I could put the *IP address* in the cert as a Subject Alternative Name, then I could access the site with "https://[ip address]:443" and see the nice lock symbol? (Of course, if I want to move to another IP address, I would have to change the cert as well. I understand this goal is not anything a "normal" website would need, but I just want to understand how the warnings work. Thank you for your time!)

more options

I don't have any experience with SSL certs for IP addresses, but you could check with your cert supplier.