Do I have to pay to use this service?
No, it's free.
Can I use this certificate on my commerce website?
-Although there's no technical reason why you couldn't use - the sslip.io SSL key and certificate for your commerce - web, we strongly recommend against it: the key - is publicly available; your traffic isn't secure. sslip.io's - primary purpose is to assist developers who need to test - against valid SSL certs, not to safeguard content.
-My webserver wants a certificate and an "intermediate certificate - chain"—where do I get that?
-Certain web servers (e.g. Tenable's Nessus scanner) prefer to split the chained certificate file - (which has three concatenated certificates) into two - files: one file containing a single certificate for the - server itself (e.g. the "*.sslip.io" certificate), and - a second file containing the intermediate certificate - authorities (e.g. the two COMODO certificate authorities).
-You can split the chained certificate file by hand, or - you can download them, pre-split, from GitHub:
+Although there's no technical reason why you couldn't use the sslip.io SSL key and certificate for your + commerce web, we strongly recommend against it: the key is publicly available; your traffic isn't secure. + sslip.io's primary purpose is to assist developers who need to test against valid SSL certs, not to safeguard + content.
+My webserver wants a certificate and an "intermediate certificate chain"—where do I get that?
+Certain web servers (e.g. Tenable's Nessus scanner) prefer to split the chained + certificate file (which has three concatenated certificates) into two files: one file containing a single + certificate for the server itself (e.g. the "*.sslip.io" certificate), and a second file containing the + intermediate certificate authorities (e.g. the two COMODO certificate authorities).
+You can split the chained certificate file by hand, or you can download them, pre-split, from GitHub:
-
-
- the server certificate ("*.sslip.io") -
- the intermediate certificate chain (the COMODO CAs) +
- the server certificate ("*.sslip.io") + +
- the intermediate certificate chain (the COMODO + CAs) +
Why can't I use dots in my hostname? xip.io lets me use - dots.
-You can't have dots, but you can have dashes: for example, - "www-sf-ca-us-10-9-9-142.sslip.io" will work with sslip.io's - wildcard SSL certificate, but "www.sf.ca.us.10.9.9.142.sslip.io" - will not. This is a technical limitation of wildcard - certs and the manner in which browsers treat them (read - more here).
-This restricts sslip.io's usage model. For example, it - won't work properly with Cloud Foundry's app domain or - system domain.
-Does sslip.io work with name-based virtual hosting? We - have multiple projects but only one webserver.
- -sslip.io interoperates quite well with name-based virtual hosting. - You can prepend identifying information to the sslip.io - hostname without jeopardizing the address resolution, and then use - those hostnames to distinguish the content being served. - For example, let's assume that your webserver's IP address - is 10.9.9.30, and that you have three projects you're - working on (Apple, Google, and Facebook). You would use - the following three sslip.io hostnames:
- +Why can't I use dots in my hostname? xip.io lets me use dots.
+You can't have dots, but you can have dashes: for example, "www-sf-ca-us-10-9-9-142.sslip.io" will work with + sslip.io's wildcard SSL certificate, but "www.sf.ca.us.10.9.9.142.sslip.io" will not. This is a technical + limitation of wildcard certs and the manner in which browsers treat them (read more here).
+This restricts sslip.io's usage model. For example, it won't work properly with Cloud Foundry's app domain or + system domain.
+Does sslip.io work with name-based virtual hosting? We have multiple projects but only one + webserver.
+sslip.io interoperates quite well with name-based virtual hosting. You can prepend + identifying information to the sslip.io hostname without jeopardizing the address resolution, and then use those + hostnames to distinguish the content being served. For example, let's assume that your webserver's IP address is + 10.9.9.30, and that you have three projects you're working on (Apple, Google, and Facebook). You would use the + following three sslip.io hostnames:
- apple-10-9-9-30.sslip.io
- facebook-10-9-9-30.sslip.io
- google-10-9-9-30.sslip.io
Can you make the hostnames easier to remember? It's as - hard as memorizing IP addresses.
-Unfortunately, no. We appreciate that "52-0-56-137.sslip.io" - is not an easy-to-remember hostname, whereas something - along the lines of "aws-server.sslip.io" would be much - simpler, but we don't see an easy solution—we need - to be able to extract the IP address from the hostname - in order for our DNS nameserver to reply with the proper - address when queried.
+Can you make the hostnames easier to remember? It's as hard as memorizing IP addresses.
+Unfortunately, no. We appreciate that "52-0-56-137.sslip.io" is not an easy-to-remember hostname, whereas + something along the lines of "aws-server.sslip.io" would be much simpler, but we don't see an easy solution—we + need to be able to extract the IP address from the hostname in order for our DNS nameserver to reply with the + proper address when queried.
Do you have support for IPv6-style addresses?
-Not yet, but if there's enough demand for it we might try - implementing it.
-Why did you choose a 4096-bit key instead of a 2048-bit - key? -
-We couldn't help ourselves—when it comes to keys, - longer is better. In retrospect there were flaws in our - thinking: certain hardware devices, e.g. YubiKeys, only - support keys of length 2048 bits or less. Also, there - was no technical value in making a long key—it's - publicly available on GitHub, so a zero-bit key would - have been equally secure.
-Do I have to use the sslip.io domain? I'd rather have a - valid cert for my domain.
-If you want valid SSL certificate, and you don't want to - use the sslip.io domain, then you'll need to purchase - a certificate for your domain. We purchased ours from - Cheap SSL Shop, - but use a vendor with whom you're comfortable.
-What is the sslip.io certificate chain?
-The sslip.io certificate chain is the series of certificates, - each signing the next, with a root certificate at the - top. It looks like the following:
-
Not yet, but if there's enough demand for it we might try implementing it.
+Why did you choose a 4096-bit key instead of a 2048-bit key?
+We couldn't help ourselves—when it comes to keys, longer is better. In retrospect there were flaws in our + thinking: certain hardware devices, e.g. YubiKeys, only support keys of length 2048 bits or less. Also, there was + no technical value in making a long key—it's publicly available on GitHub, so a zero-bit key would have been + equally secure.
+Do I have to use the sslip.io domain? I'd rather have a valid cert for my domain.
+If you want valid SSL certificate, and you don't want to use the sslip.io domain, then you'll need to purchase + a certificate for your domain. We purchased ours from Cheap SSL Shop, + but use a vendor with whom you're comfortable.
+What is the sslip.io certificate chain?
+The sslip.io certificate chain is the series of certificates, each signing the next, with a root certificate + at the top. It looks like the following:
+Note that the "root" certificate is "AddTrust's External - CA Root", which issued a certificate to the "COMODO RSA - Certification Authority", which in turn issued a certificate - to the "COMODO RSA Domain Validation Secure Server CA" - which in turn issued our certificate, "*.sslip.io". -
+Note that the "root" certificate is "AddTrust's External CA Root", which issued a certificate to the "COMODO + RSA Certification Authority", which in turn issued a certificate to the "COMODO RSA Domain Validation Secure + Server CA" which in turn issued our certificate, "*.sslip.io".
How is "sslip.io" pronounced?
ESS-ESS-ELL-EYE-PEE-DOT-EYE-OH
Where do I report bugs? I think I found one.
-Open an issue on GitHub; - we're tracking our issues there.
-There's a typo/mistake on the sslip.io website.
+Open an issue on GitHub; we're tracking our issues + there.
+There's a typo/mistake on the sslip.io website.
Thanks! We love pull requests.
-© 2015 Brian Cunnie, Pivotal Software
+ +© 2015 Brian Cunnie, Pivotal Software