SSL Certificate for IP addresses

The ultimate solution for easily protecting your public IP addresses.

The SSL Certificate for IP address encrypts connections directly to the public IP address (for example, https://1.1.1.1/). It provides the same level of encryption and security benefits as any other SSL Certificate and follows CA/Browser Forum guidelines.

With the SSL Certificate for IP Sectigo you can protect a public IP address.

Our IP SAN SSL Certificate protects both public IP addresses and fully qualified domain names (FQDN).

The IP SAN SSL Certificate protects 2 public IP addresses with a single certificate by default. Secures a maximum of 250 additional SANs on request.

The SAN (Subject Alternative Name) property of the IP SAN SSL Certificate makes it possible to purchase additional public IP addresses, subdomains of any level and also wildcard domains.

With no paperwork required, you will receive your IP SSL certificate within minutes.

SSL Certificates for IP Comparison

Get Strong Browser-Trusted SSL Certificate for IP addresses

Certificate Price
SSL Certificate for IP Sectigo
/month
IP SAN SSL Certificate
/month
Validation Type
SSL Certificate for IP Sectigo
DV (Issuance in minutes)
IP SAN SSL Certificate
DV (Issuance in minutes)
Number of protected addresses by default
SSL Certificate for IP Sectigo
1 address
IP SAN SSL Certificate
2 addresses
SAN Support
SSL Certificate for IP Sectigo
IP SAN SSL Certificate
Additional price for single SAN
SSL Certificate for IP Sectigo
IP SAN SSL Certificate
/month
Additional price for WildCard SAN
SSL Certificate for IP Sectigo
IP SAN SSL Certificate
/month
Buy SSL Certificate for IP SectigoBuy IP SAN SSL Certificate
All prices do not include VAT
Assinatura anual

12 month

auto-renewing subscription.

The Best SSL for IP Address

Fast issuance

The IP SSL certificate is automatically issued within minutes with HTTP/HTTPS validation.

Secures multiple IP and domains

The IP SAN SSL Certificate includes 2 SANs by default. Secures a maximum of 248 additional SANs on request.

Visible safety

The IP SSL Certificate activates the secure padlock and the HTTPS secure site prefix in the browser address bar.

Strong Encryption

Maximum security with 2048 or 4096 bit RSA key, 256 or 512 bit SHA-2 encryption, with ECC support.

Trusted Root Certificate (WebTrust)

Compatible & trusted by all browsers, servers, and hosting providers that support SSL/TLS.

Easy Lifecycle Management

Control panel to generate, download, reissue, and renew your IP SSL certificate.

Expert Support

Full support for CSR generation, installation, and use of your IP SSL Certificate.

100% Money Back Guarantee

If you are not satisfied with your SSL Certificate, let us know within 15 days of issuance for a 100% refund.

FAQ

Public IP SAN Certificate FAQs

What is public IP address?

A public IP address is an IPv4 or IPv6 address reachable from Internet.

What are the requirements for buying an SSL certificate for IP?

An SSL Certificate can be issued to a public IP address. These are the requirements to get an IP SSL Certificate:

  • Public IP addresses only.
  • You must prove that you control the IP by hosting a .txt file containing a generated random string in a predetermined location on your site. These instructions will be provided to you after you submit your IP SSL order.
Can I get an SSL Certificate for private IP?

No. Starting in 2016, the CA/Browser Forum has prohibited the issuance of SSL Certificates for private/reserved IP and local server names with a non-public domain name.

Being a private IP address, it is not possible for trusted CAs to validate the authenticity of the IP address to issue a certificate. Because these reserved IP addresses and local (intranet) server names are not unique, they can be easily spoofed by attackers to perform man-in-the-middle attacks and gain unauthorized access to data.

How do I buy an SSL Certificate for IP address?

You can easily and quickly purchase a IP SSL Certificate through our website by following these instructions:

1. Choose the certificate:

IMPORTANT:

Select your country, language and currency at the top of the page.

We accept payment in United States Dollar ($), Euro (€) and Brazilian Real (R$).

2. Choose Billing Cycle

Choose your multi-year plan.

For 2-year and longer plans, you'll need to request and install a free reissue each year. Industry policy limits public TLS/SSL certificates to 1 year maximum validity.

3. Configurable Options (IP SAN SSL Certificate)

By default, the IP SAN SSL Certificate protects up to 2 public IP addresses or fully qualified domain names. If you need to protect more addresses, please enter the quantity of SAN addresses.

The additional SAN address can be of type:

  • SAN (simple): Used for public IP addresses or by an FQDN. Example: 123.456.789.10 or www.yourdomain.com .
  • SAN WildCard: To protect unlimited subdomains of a domain (one level). Example: *.yourdomain.com .

4. Additional Information

Enter the IP address to be configured in the certificate. The second IP address and others, if contracted, can be entered when you start issuing the certificate.

5. Available Addons

SSL Certificate Installation Service: Our experts will generate the Certificate Sign Request (CSR) and install the SSL/TLS Certificate for you. Temporary access to your site's server and/or control panel is required. This service includes installation of a single certificate on a single server.

6. Review

Review the order and if you have a discount coupon, inform us at this time.

7. Checkout

If you are already a registered customer, please enter your email address and password. Otherwise, create a new account by entering your registration information and password. Select your payment method and complete your order!

The certificate will be available for issuance in your customer portal once payment has been confirmed.

How to generate the CSR for the IP SSL certificate?

For the SSL Certificate for IP Sectigo, generate the CSR by entering the IP address in the CN (Common Name) field.

For IP SAN SSL Certificate, the CSR must be generated leaving the CN (Common Name) field blank.

The addresses (IP or an FQDN) are added to the SAN property of the SSL certificate when you start issuing it.

How do I complete the IP SSL certificate validation process?

Validation is done using HTTP Hash.

A certificate authority must be able to verify your control of the IP address through file authentication (you must upload a TXT file containing a generated random string on your website to be accessible over HTTP/HTTPS). For example:

Hash File: .well-known/pki-validation/783F6203ED5331A35ZDF4BA503F0E091.txt

Contents: Y821159AF31E86897D5C2F5EA547CC1D22724885F89680C5A161DAF11AC7445Z

For the validation to be completed, this file must be accessible via the Internet through its IP address, for example:

http://1.1.1.1/.well-known/pki-validation/783F6203ED5331A35ZDF4BA503F0E091.txt
or
https://1.1.1.1/.well-known/pki-validation/783F6203ED5331A35ZDF4BA503F0E091.txt

What are the formats in which I can obtain the IP SSL certificate?

Depending on your system or web server, you may need a specific format of SSL/TLS certificate to complete your installation.

Once the issuance process is complete, the SSL/TLS Certificate is available in the most popular formats:

PEM

It is a file encrypted in Base64 format using ASCII characters. This is the most commonly used format for SSL/TLS certificates. Most web servers (e.g. Apache and Nginx) and Unix/Linux operating systems use this format.

The most common extensions for this format are .cer, .crt, .pem, or .key (for the private key).

You can also convert the SSL certificate to PFX (P12).

Will I have control over the management of my IP SSL certificate?

Yes, you have full control of your SSL certificate in the Customer Portal.

Once your payment has been confirmed, your SSL certificate will be ready for quick and easy issuance.

You can submit your CSR to start the SSL certificate issuance process.

Once issued, you will be able to download your SSL certificate in the format of your choice and reissue it free of charge during its period of validity.

What do I do when my IP SSL certificate is about to expire?

All SSL certificates have an expiration date property that is set once they are issued and cannot be changed. Even if a SSL certificate is reissued, its expiration date remains the same.

Before your SSL certificate expires, you must renew it by purchasing and generating a new SSL certificate. Each time a new SSL certificate is generated, a new installation is required.

How do I renew my IP SSL certificate?

If your current SSL certificate was purchased from us, we will send you a renewal notice 10 days prior to the end of the subscription period.

Once the invoice is paid, the new SSL certificate is made available for management via the Customer Portal.

Even if you purchased your SSL certificate from another provider, you can renew it by simply purchasing a new SSL/TLS Certificate from us to replace the old one.

Remember that you must update the new SSL certificate keys on your web server each time a new SSL certificate is generated (new order, reissue, or renewal).

Why does a browser identify an IP SSL certificate as untrusted?

In this case, there is a problem with the SSL certificate or its installation. The SSL certificate may be self-signed (unreliable), expired, or issued to a different address than the one the browser is trying to access. There may also be a problem with the installation of the root and intermediate certificates.

How do I stop the "Secure and non-secure items" warning on my website?

Browsers display this message when one or more elements embedded in the page (images, CSS files, JavaScript components, etc.) are loaded via an insecure URL (http:// instead of https://) or with a URL that has an invalid certificate installed.

Here is some ways to solve the above problem:

  • Change all URLs to https. Open the problematic page and search for "http://" and change all elements references to "https://".

    For example: <img src="https://www.yourdomain.com/image.gif" alt="example"/>

    Note: If the image is downloaded or copied from another site that is not secured with SSL, this solution will not work.

  • Make the links relative. To eliminate the problem, you can choose to change all links to "/" instead of making them "https", for example: <img src="/image.gif" alt="example"/>