Using HTTPS with a dynamic ip

ssl web dynamic-ip
17,972

Solution 1

The common wisdom of SSL certificates being associated with one IP address is misleading. An SSL certificate is issued for the domain name, not the IP address. The issue with IP addresses stems from the details of the HTTPS protocol, and namely just the issue of name resolution. An HTTP server can host many different sites for many different domains, all on the same port and IP address. It knows which site is being requested based on an HTTP header.

Now, with HTTPS, the server first needs to negotiate a secure SSL connection before any HTTP headers are exchanged. The issue therefore is that it can't know which certificate for which domain it's supposed to use to negotiate a secure connection, because it hasn't yet had a chance to talk to the client about the domain it'd like to visit.

There are actually mechanisms for name negotiation before encryption in later versions of the HTTPS protocol, but the practical problem is that older clients do not support it yet (stare at IE6).

So the practical solution is to reserve one IP address and/or port for each HTTPS site, because then there's no issue of multiple name resolutions. One IP/port is reserved for one specific HTTPS site and in extension for one SSL certificate.

Which means, as long as your server is only serving one HTTPS domain, its IP address can change as often as it wants; there's no issue there.

Solution 2

There is no problem with dynamic IP. In SSL certificate you store a static hostname (domain.com), no IP address.

Share:
17,972
Agent T
Author by

Agent T

Updated on July 31, 2022

Comments

  • Agent T
    Agent T almost 2 years

    My situation: I want to run a webserver on a device in an unknown network. Requests on port 80 or 443 will be forwarded to this device from the global ip.

    The device regularly posts its IP address to a server on the web and it is saved on this server.

    Is it possible to access this device via https without much trouble? The problem of course is, that the ip can change and a SSL certificate needs to have a hostname.

    Edit: The device doesn't have a domain assigned to it that I could use for a certificate. Is it maybe possible to use a domain I own and reroute that to the dynamic ip without changing the header? As far as I understand it that would make using https possible

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can I permanently remove a web browser's SSL warning for HTTPS sites that fail to identify themselves correctly?
Do web browsers cache SSL certificates?
How to use ssl_verify_client=ON on one virtual server and ssl_verify_client=OFF on another?
SSL for devices in local network
WSS works on http?
Cloudflare - 525 SSL handshake failed
Forcing SSL and WWW using .htaccess
flutter_web_auth doesn't redirect from WebView to the app after authorizing the access to my data in Flutter
Admob in flutter app: "Error while connecting to ad server: SSL handshake aborted"
Getting XMLHttpRequest error in Flutter Web for Razorpay API call using http post