为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

My SSL-secured website gets warning "connection not secure" when I access the site by IP:443

more options

When I access my own development website by domain name (with SSL signed by Digicert), it's fine, I see the lock symbol in FF. When I access it by typing https://[IP address]:443 , I get the "not secure" warning. The IP address has a valid reverse DNS that points to the domain name, which in turn has the valid SSL cert. The domain's A Record also points back to the same IP address. I'm curious why does Firefox do this, and is there anything I can do in my DNS settings to remove the warning for other users -- without changing FF settings? Thanks.

When I access my own development website by domain name (with SSL signed by Digicert), it's fine, I see the lock symbol in FF. When I access it by typing https://[IP address]:443 , I get the "not secure" warning. The IP address has a valid reverse DNS that points to the domain name, which in turn has the valid SSL cert. The domain's A Record also points back to the same IP address. I'm curious why does Firefox do this, and is there anything I can do in my DNS settings to remove the warning for other users -- without changing FF settings? Thanks.

所有回复 (5)

more options

Firefox looks at the Common Name and Subject Alt Name fields in the certificate. Do other browsers work differently in this regard?

more options

Thank you jscher! That is very helpful info. Question, does FF actually look up the reverse DNS to find the certificate, or does it just automatically flag hard IP addresses in the address bar as suspect? Sorry if I'm a bit of a noob with SSL tech.

more options

I'm pretty sure the first step is for the host name to be in the certificate presented by the host, so we're not getting past first base.

more options

Maybe I'm missing something, but in my original question, I state that it's all fine (the lock symbol) when using the domain name in the address bar. Meaning, my domain name IS the "common name" in the cert. BUT, additionally, perhaps from what you said, I could put the *IP address* in the cert as a Subject Alternative Name, then I could access the site with "https://[ip address]:443" and see the nice lock symbol? (Of course, if I want to move to another IP address, I would have to change the cert as well. I understand this goal is not anything a "normal" website would need, but I just want to understand how the warnings work. Thank you for your time!)

more options

I don't have any experience with SSL certs for IP addresses, but you could check with your cert supplier.