How to generate a Self Signed SSL Certificate bound to IP address? [duplicate]
It doesn't matter if your subject is a name or an IP, the way you need to fix the cert being untrusted is the same: trust the self-signed cert on the local system.
If for some reason you need to use an IP instead of a name (hosts file?), then set up a subject alternative name with the IP address, like IP:192.0.2.1.
[Reposting my comment as the answer]
I have realized from the answers by @MadHatter to the related question (linked to this question) that an SSL certificate for a public IP address is not that good an idea.
I have decided to use an SSL cert bound to a domain name and use the hosts file for the DNS resolution for testing and demo purposes.
I have generated a self-signed certificate using the command:
keytool -genkey -keyalg RSA -alias selfsigned -keystore demo1keystore.jks -storepass mykeystore@789 -validity 360 -keysize 2048
To add it to the trust store read by Chrome, I have followed the instructions from this link.
I have tested all this to understand what works in practice.
Tried with:
- A self-signed certificate bound to a domain name, testing SSL connectivity with Chrome and Firefox and a Jetty server. Things worked fine.
- A self-signed certificate bound to an IP address, testing SSL connectivity with Chrome and Firefox and a Jetty server. The Chrome browser failed to trust the certificate.
If anyone else has a different perspective about this, please reply as a comment. Accepting this as answer.
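The subject alternative name setup suggested in the first answer, as an added example that is not part of the original posts: it uses the openssl CLI instead of keytool, builds one certificate with the IP only in the CN and one with an `IP:` SAN, then trusts each as its own anchor and checks it against the address. The function names, file names and temporary directory are hypothetical, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Constructed example. 192.0.2.1 is the documentation address from the answer;
# file and function names are hypothetical. Needs OpenSSL 1.1.1 or later.

# make_cert DIR NAME IP [san]
# Writes DIR/NAME.key and DIR/NAME.pem: a self-signed RSA-2048 cert with CN=IP.
# With "san" as 4th argument the cert also carries subjectAltName=IP:<IP>.
make_cert() {
    dir=$1; name=$2; ip=$3; mode=${4:-}
    if [ "$mode" = san ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 360 \
            -keyout "$dir/$name.key" -out "$dir/$name.pem" \
            -subj "/CN=$ip" -addext "subjectAltName=IP:$ip" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 360 \
            -keyout "$dir/$name.key" -out "$dir/$name.pem" \
            -subj "/CN=$ip" 2>/dev/null
    fi
}

# ip_matches CERT IP
# Uses CERT as its own trust anchor (the effect of importing it into the local
# trust store) and succeeds only if the cert is valid for IP.
ip_matches() {
    openssl verify -CAfile "$1" -verify_ip "$2" "$1" >/dev/null 2>&1
}

# report CERT IP: print the outcome of the check for one cert/address pair.
report() {
    if ip_matches "$1" "$2"; then echo "$1 valid for $2"
    else echo "$1 NOT valid for $2"; fi
}

tmp=$(mktemp -d)
make_cert "$tmp" cn_only 192.0.2.1        # IP only in the subject CN
make_cert "$tmp" with_san 192.0.2.1 san   # IP in the subject alternative name
report "$tmp/cn_only.pem" 192.0.2.1
report "$tmp/with_san.pem" 192.0.2.1
report "$tmp/with_san.pem" 192.0.2.2
rm -rf "$tmp"
```

OpenSSL's IP check looks only at iPAddress SAN entries and never falls back to the CN, so only the second certificate passes for 192.0.2.1. With keytool, the same extension is requested by adding `-ext SAN=IP:192.0.2.1` to the key generation command.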