Reading the spec, I can’t see why not, wondering if anyone knew.
Having not read the spec, if there are any requirements for HTTPS, you most certainly will need a domain name for the TLS certificate.
SAN does support IPs.
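To make the point above concrete, here is an added example (not code from anyone in this thread) using Go's standard library: it mints a self-signed certificate whose only subjectAltName entries are IP addresses, then runs the same hostname check a TLS client performs. The IPs 203.0.113.10 and 2001:db8::1 are documentation addresses chosen for the example; "Example Org" is a placeholder subject.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// IPSANCert builds a self-signed certificate whose subjectAltName carries
// only IP entries (no dNSName at all), which is what a CA-issued IP
// certificate looks like. Each argument must be an IPv4 or IPv6 literal.
func IPSANCert(ips ...string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{"Example Org"}}, // placeholder
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	for _, s := range ips {
		ip := net.ParseIP(s)
		if ip == nil {
			return nil, fmt.Errorf("not an IP literal: %q", s)
		}
		tmpl.IPAddresses = append(tmpl.IPAddresses, ip) // goes into the SAN extension
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// MatchesHost reports whether a client connecting to host would accept the
// certificate's identity. An IP literal (optionally in [ ]) is matched only
// against IP SANs and a name only against DNS SANs (RFC 6125, Appendix B.2),
// which is exactly what crypto/tls does during the handshake.
func MatchesHost(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

// ChainVerifies performs the full client-side check: chain building against
// a root pool (here the self-signed cert itself) plus the host identity check.
func ChainVerifies(cert *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

func main() {
	cert, err := IPSANCert("203.0.113.10", "2001:db8::1") // constructed sample addresses
	if err != nil {
		panic(err)
	}
	for _, h := range []string{"203.0.113.10", "2001:db8::1", "[2001:db8::1]", "203.0.113.11", "example.com"} {
		fmt.Printf("%-16s matches=%v chain=%v\n", h, MatchesHost(cert, h), ChainVerifies(cert, h))
	}
}
```

The IPv6 literal matches both bare and in brackets, so a browser or client that refuses such a URL is doing so for reasons other than the certificate's SAN contents; "example.com" fails because the certificate carries no dNSName entry.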
If you can point me to a CA that will allow you to request a cert for an IP address, that'd be great.
I haven't tried this, but searching Google shows SSL.com does allow it, granted you can demonstrate the requirements:
- The IP address you wish to secure must be public, and your organization must own it.
- The IP address ranges 10.x.x.x and 192.168.x.x are prohibited.
- A WHOIS lookup of the IP address should show your organization's name, address, phone number, and email contacts (not your web hosting provider's).
- Control over the IP address must be demonstrated by the HTTP/HTTPS file lookup method. The email challenge response and DNS CNAME lookup methods may not be used to validate an IP address.
So you need to own and operate your own ASN. I guess that’s better than what I thought but it’s nowhere near attainable for regular people.
If you are OK with IPv6, you can get a /48 and a 4-byte ASN for a few hundred dollars for the registration fee. The 4-byte ASN isn't even necessary. You can then use AWS/Oracle/Alibaba or some other public cloud to advertise your registered IPv6 address block on your behalf. A WHOIS will show the details you used with the registrar.
I'm pretty sure most browsers will straight up refuse to load content from bare IPv6 addresses regardless of cert status, no? I remember having problems with this with an internal CA.
Googling it, is this relevant? https://superuser.com/a/367788
- The IP address you wish to secure must be public, and your organization must own it.
Right, it can be done, but it would require a CA who supports that, and not all do. For example, Let's Encrypt doesn't allow bare IP addresses. I was assuming the question about an IP address was raised due to an aversion to purchasing a domain name. If so, then a TLS certificate is another cost to consider, and if not using a domain name, then the main free option becomes unavailable.
There is a general "encrypted transport" requirement, which in real-world use mandates HTTPS (although it's worded broadly to allow for onion services and whatnot, which provide their own encryption outside TLS).
@Irelephant @activitypub Yes, IP addresses are often used in development and testing environments. I haven’t seen such servers in the global network though
Okay, thanks!