SSL Certificate for IP addresses

A public IP address is an IPv4 or IPv6 address reachable from Internet.

An SSL Certificate can be issued to a public IP address. These are the requirements to get an IP SSL Certificate:

• Public IP addresses only.
• You must prove that you control the IP by hosting a .txt file containing a generated random string in a predetermined location on your site. These instructions will be provided to you after you submit your IP SSL order.

No. Starting in 2016, the CA/Browser Forum has prohibited the issuance of SSL Certificates for private/reserved IP and local server names with a non-public domain name.

Being a private IP address, it is not possible for trusted CAs to validate the authenticity of the IP address to issue a certificate. Because these reserved IP addresses and local (intranet) server names are not unique, they can be easily spoofed by attackers to perform man-in-the-middle attacks and gain unauthorized access to data.

You can easily and quickly purchase a IP SSL Certificate through our website by following these instructions:

1. Choose the certificate:

• BUY IP SSL CERTIFICATE

IMPORTANT:

Select your country, language and currency at the top of the page.

We accept payment in United States Dollar ($), Euro (€) and Brazilian Real (R$).

2. Choose Billing Cycle

Choose your multi-year plan.

For 2-year and longer plans, you'll need to request and install a free reissue each year. Industry policy limits public TLS/SSL certificates to 1 year maximum validity.

3. Configurable Options (IP SAN SSL Certificate)

By default, the IP SAN SSL Certificate protects up to 2 public IP addresses or fully qualified domain names. If you need to protect more addresses, please enter the quantity of SAN addresses.

The additional SAN address can be of type:

• SAN (simple): Used for public IP addresses or by an FQDN. Example: 123.456.789.10 or www.yourdomain.com .
• SAN WildCard: To protect unlimited subdomains of a domain (one level). Example: *.yourdomain.com .

4. Additional Information

Enter the IP address to be configured in the certificate. The second IP address and others, if contracted, can be entered when you start issuing the certificate.

5. Available Addons

SSL Certificate Installation Service: Our experts will generate the Certificate Sign Request (CSR) and install the SSL/TLS Certificate for you. Temporary access to your site's server and/or control panel is required. This service includes installation of a single certificate on a single server.

6. Review

Review the order and if you have a discount coupon, inform us at this time.

7. Checkout

If you are already a registered customer, please enter your email address and password. Otherwise, create a new account by entering your registration information and password. Select your payment method and complete your order!

The certificate will be available for issuance in your customer portal once payment has been confirmed.

For the SSL Certificate for IP Sectigo, generate the CSR by entering the IP address in the CN (Common Name) field.

For IP SAN SSL Certificate, the CSR must be generated leaving the CN (Common Name) field blank.

The addresses (IP or an FQDN) are added to the SAN property of the SSL certificate when you start issuing it.

Validation is done using HTTP Hash.

A certificate authority must be able to verify your control of the IP address through file authentication (you must upload a TXT file containing a generated random string on your website to be accessible over HTTP/HTTPS). For example:

Hash File: .well-known/pki-validation/783F6203ED5331A35ZDF4BA503F0E091.txt

Contents: Y821159AF31E86897D5C2F5EA547CC1D22724885F89680C5A161DAF11AC7445Z

For the validation to be completed, this file must be accessible via the Internet through its IP address, for example:

http://1.1.1.1/.well-known/pki-validation/783F6203ED5331A35ZDF4BA503F0E091.txt
or
https://1.1.1.1/.well-known/pki-validation/783F6203ED5331A35ZDF4BA503F0E091.txt

Depending on your system or web server, you may need a specific format of SSL/TLS certificate to complete your installation.

Once the issuance process is complete, the SSL/TLS Certificate is available in the most popular formats:

PEM

It is a file encrypted in Base64 format using ASCII characters. This is the most commonly used format for SSL/TLS certificates. Most web servers (e.g. Apache and Nginx) and Unix/Linux operating systems use this format.

The most common extensions for this format are .cer, .crt, .pem, or .key (for the private key).

You can also convert the SSL certificate to PFX (P12).

Yes, you have full control of your SSL certificate in the Customer Portal.

Once your payment has been confirmed, your SSL certificate will be ready for quick and easy issuance.

You can submit your CSR to start the SSL certificate issuance process.

Once issued, you will be able to download your SSL certificate in the format of your choice and reissue it free of charge during its period of validity.

All SSL certificates have an expiration date property that is set once they are issued and cannot be changed. Even if a SSL certificate is reissued, its expiration date remains the same.

Before your SSL certificate expires, you must renew it by purchasing and generating a new SSL certificate. Each time a new SSL certificate is generated, a new installation is required.

If your current SSL certificate was purchased from us, we will send you a renewal notice 10 days prior to the end of the subscription period.

Once the invoice is paid, the new SSL certificate is made available for management via the Customer Portal.

Even if you purchased your SSL certificate from another provider, you can renew it by simply purchasing a new SSL/TLS Certificate from us to replace the old one.

Remember that you must update the new SSL certificate keys on your web server each time a new SSL certificate is generated (new order, reissue, or renewal).

In this case, there is a problem with the SSL certificate or its installation. The SSL certificate may be self-signed (unreliable), expired, or issued to a different address than the one the browser is trying to access. There may also be a problem with the installation of the root and intermediate certificates.

Browsers display this message when one or more elements embedded in the page (images, CSS files, JavaScript components, etc.) are loaded via an insecure URL (http:// instead of https://) or with a URL that has an invalid certificate installed.

Here is some ways to solve the above problem:

• Change all URLs to https. Open the problematic page and search for "http://" and change all elements references to "https://".

  For example: <img src="https://www.yourdomain.com/image.gif" alt="example"/>

  Note: If the image is downloaded or copied from another site that is not secured with SSL, this solution will not work.

• Make the links relative. To eliminate the problem, you can choose to change all links to "/" instead of making them "https", for example: <img src="/image.gif" alt="example"/>