Ip ssl

lostincable · Mar 16, 2022

The server IP address when centminmod is setup is using http by standard.

Can an ssl be generated for the server ip so if people access the server ip they get an ssl centminmod page for the base centminmod install?

From my reading letsencrypt doesn’t issues ssl for IP addressees so interested to know what others do to secure the default IP address of a server.

eva2000 · Mar 16, 2022

Browser validated/trusted SSL certificates are issued for hostname/domain names, not IP addresses. Generally, you don't want SSL certificates for the main hostname/IP anyway as every time you issue an SSL certificate, the certificate can be publicly searched for via Certificate Transparency logs at crt.sh | Certificate Search and Certificate Transparency Monitoring - Facebook for Developers. See https://securitytrails.com/blog/what-are-certificate-transparency-logs for an explanation of CT logs.

The main goal of Certificate Transparency is to provide a publicly available system of logs, where any domain owner can verify whether a certificate was issued by a trusted CA or issued maliciously, and to prevent users from being tricked by any fraudulent certificates.
Click to expand...

Certificate Transparency logs
Every Certificate Transparency log is a record of all publicly trusted digital certificates. Those certificates contain information about the public key, the subject and information about the issuer.

Certificate Transparency logs keep cryptographically secured records of certificates which are append-only, meaning that certificates can only be added to the log — it’s impossible to delete, modify or in any way retroactively change or insert certificates into the log.
Click to expand...

What this means is malicious folks can also search the CT logs for hostnames belonging to an attacker who wants to target your domain and see if you have any exposed hostnames listed in CT logs. Once you issue a browser trusted SSL certificate, you better be prepared to protect it too.

If you don't plan on having sites other than default Nginx HTML index page served from main hostname/IP, then having a browser trusted SSL certificate/HTTPS isn't essential. You can probably use a self-signed non-browser trusted SSL certificate just as well to encrypt data but not log to CT logs the hostname + then empty the main hostname index page at /usr/local/nginx/html/index.html as a blank page serving nothing. Or just keep it non-https + then empty the main hostname index page at /usr/local/nginx/html/index.html as a blank page serving nothing

Log in / Register

Forums

Welcome to Centmin Mod Community

Ip ssl

lostincable New Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Welcome to Centmin Mod Community

Ip ssl

lostincable New Member

eva2000 Administrator Staff Member

.