
I have set up my SSL certificate and it works fine when I go to the site using its domain name, but some of my clients who access the site were once given the IP address and log in that way. If they go to the site using the domain name everything works fine, but if they use the IP address it gives them a warning that the certificate is meant for a different site. I can only assume that this is due to the fact that the certificate is registered to the domain (a wildcard domain) and not the specific IP address. I am using Windows Server 2003 (stuck with a 32-bit app) and I have tried to configure IIRF (to redirect to the domain before it loads the cert) to no avail. Let me know if you think I'm on the right track or if there is another way to fix this cert warning.

Thank you in advance.

adsoft
  • I'm no expert, but I think you'll need a new certificate. A SAN certificate, specifically. See: http://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name – Beau Townsend Aug 25 '15 at 13:34
  • Thanks for the help, but the problem with that is that I use a wildcard domain name so I can have 1 cert for 100 sites. Each client would require a unique cert for their unique IP address. I can't get a cert for each IP address. If I could just tell the site to redirect from IP to a domain before the SSL gets invoked, that would be ideal. That is why I was trying to use rewrite with IIRF. Using redirect in IIS still loads the site and cert, which is why the warning comes up. – adsoft Aug 25 '15 at 13:43
  • I live in an Apache world, but does this help? http://www.seoconsultants.com/windows/isapi/subdomains/. Also, giving credit where it's due, I came across that link from here: http://stackoverflow.com/questions/22958412/iirf-on-iis6-several-domain-to-one-ip-redirect-to-defferent-index-pages – Beau Townsend Aug 25 '15 at 13:53
  • Why don't you tell your clients to use the domain name? (It's perfectly normal for a connection to an IP address to give you a certificate warning; you're simply not supposed to be doing that.) – Harry Johnston Aug 25 '15 at 22:52

1 Answer


The only way to fix a certificate warning is to have the correct certificate for the site the client accesses. Redirects of any kind take effect only after the certificate has been validated, and trying to fiddle with DNS settings will not help either, because the browser will check against the hostname as shown in the URL.

This means the only options are either to get certificates for all the IP addresses the client might access by IP or to teach the client to access the site by the hostname for which you have a valid certificate.

Steffen Ullrich
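
The check the answer describes, sketched as an added example (not part of the original answer, and a simplification of what browsers do): the name typed in the URL is compared with the certificate's subjectAltName entries, so an IP literal can only match an iPAddress entry and never a wildcard DNS name. The certificate dictionaries are constructed samples in the shape Python's `ssl` `getpeercert()` returns; `example.com` and `203.0.113.10` are placeholders.

```python
import ipaddress

def _dns_match(pattern, host):
    """Match one dNSName SAN entry; '*' may only be the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard covers exactly one label, not several
    if p_labels[0] == "*":
        return len(p_labels) > 2 and bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def cert_matches(cert, url_host):
    """True if the name used in the URL is covered by the certificate's SANs."""
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(url_host)
    if ip is not None:
        # An IP literal is compared only with iPAddress entries, never DNS names.
        return any(kind == "IP Address" and _as_ip(value) == ip for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, url_host) for kind, value in sans)

# Constructed sample certificates (placeholder names and addresses).
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com"))}
WITH_IP_SAN = {"subjectAltName": (("DNS", "*.example.com"), ("IP Address", "203.0.113.10"))}

if __name__ == "__main__":
    for host in ("client1.example.com", "203.0.113.10", "a.b.example.com"):
        print(host, cert_matches(WILDCARD_CERT, host), cert_matches(WITH_IP_SAN, host))
```

The comparison runs during the TLS handshake, before any HTTP request is sent, which is why a redirect configured in IIS or IIRF cannot prevent the warning.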