(blog.cloudflare.com)

1895 points _l4jh | 1 comments | 01 Apr 18 12:14 UTC | HN request time: 0s | source

Show context

tomputer ◴[01 Apr 18 12:39 UTC] No.16727955[source]▶

Today I learned that it is possible to request a certificate for an IP address.

1. dorfsmay ◴[01 Apr 18 13:09 UTC] No.16728082[source]▶

Edit: I had not realised what the parent comment here meant, that you can coonect to an IP address without getting an error by adding the IP to the SAN. My explanation bellow is about finding certs installed for a given IP/hotname, typically with openssl.

Yes, but...

This only works if they don't use SNI[1]. If they use SNI then you just get the default cert. They might have more certs for other hostnames served on that IP address.

1: https://en.wikipedia.org/wiki/Server_Name_Indication

↑

1.1.1.1: Fast, privacy-first consumer DNS service