Can SSL certificate be by IP instead of Domain?

0

I'm developing a php / javascript application that makes use of the camera via browser to read bar code, in the tests I did locally it works in a good one, when I put it online it does not open the camera and does not ask to open, I agree it's by security issue, well I would like to get around this situation even if I had to ask the user for authorization ... because he will be instructed to do so.

I came up with the idea of testing on a server with https that I have, to my surprise it worked, that is the problem is accessing sites without https

Can you install a valid certificate on a private server?

In other words, it will be accessed by an IP and not a domain

The code to access the camera is this:

QuaggaJS An advanced barcode scanner written in JavaScript

ps. There is already a question about https on localhost and I even use it, but my case is an IP (xxx.xxx.xxx.xxx) on the web and not a domain (www.domain.com)

    
asked by anonymous 17.10.2018 / 22:37

1 answer

1

Yes, it is possible. Create a certificate that has the IP address set in the [Subject Alternative Name] (SAN) attribute 1 .

Note that you can add more than one SAN.

In the ideal world, all SANs and Common Name must be compared to the host domain accessed. More current versions of the more common browsers already do this.

Technical information on the operation of Subject Alternative Name is RFC5280 , by example:

  

When the subjectAltName extension contains an iPAddress, the address
  MUST be stored in the octet string in "network byte order", the   specified in [RFC791].

    
08.11.2018 / 00:28