diff --git a/document_root/faq.html b/document_root/faq.html index 8b99f33..bb2e61c 100644 --- a/document_root/faq.html +++ b/document_root/faq.html @@ -84,63 +84,81 @@ other head content must come *after* these tags --> wildcard SSL certificate, but "www.sf.ca.us.10.9.9.142.sslip.io" will not. This is a technical limitation of wildcard certs and the manner in which browsers treat them (read - more here). - This restricts sslip.io's usage model. For example, it + more here).

+

This restricts sslip.io's usage model. For example, it won't work properly with Cloud Foundry's app domain or - system domain. -

Can you make the hostnames easier to remember? I'm being - force to memorize IP addresses.

-

Unfortunately, no. We appreciate that "52-0-56-137.sslip.io" - is not an easy-to-remember hostname, whereas something - along the lines of "aws-server.sslip.io" would be much - simpler, but we don't see an easy solution—we - need to be able to extract the IP address from the - hostname in order for our DNS nameserver to reply with - the proper address when queried.

-

Do you have support for IPv6-style addresses?

-

Not yet, but if there's enough demand for it we might - try implementing it.

-

Why did you choose a 4096-bit key instead of a 2048-bit - key?

-

We couldn't help ourselves—when it comes to keys, - longer is better. In retrospect there were flaws in - our thinking: certain hardware devices, e.g. YubiKeys, - only support keys of length 2048 bits or less. Also, - there was no technical value in making a long key—it's - publicly available on GitHub, so a zero-bit key would - have been equally secure.

-

Do I have to use the sslip.io domain? I'd rather have - a valid cert for my domain.

-

If you want valid SSL certificate, and you don't want - to use the sslip.io domain, then you'll need to purchase - a certificate for your domain. We purchased ours from - Cheap SSL Shop, - but use a vendor with whom you're comfortable.

-

What is the sslip.io certificate chain?

-

The sslip.io certificate chain is the series of certificates, - each signing the next, with a root certificate at the - top. It looks like the following:

-
-
-
+ system domain.

+

Does sslip.io work with name-based virtual hosting? We + have multiple projects but only one webserver.

+ +

sslip.io interoperates quite well with https://en.wikipedia.org/wiki/Virtual_hosting#Name-based. + You can prepend identifying information to the sslip.io + hostname without jeopardizing the address resolution, and then use + those hostnames to distinguish the content being served. + For example, let's assume that your webserver's IP address + is 10.9.9.30, and that you have three projects you're + working on (Apple, Google, and Facebook). You would use + the following three sslip.io hostnames:

+ + +

Can you make the hostnames easier to remember? I'm being + force to memorize IP addresses.

+

Unfortunately, no. We appreciate that "52-0-56-137.sslip.io" + is not an easy-to-remember hostname, whereas something + along the lines of "aws-server.sslip.io" would be much + simpler, but we don't see an easy solution—we need + to be able to extract the IP address from the hostname + in order for our DNS nameserver to reply with the proper + address when queried.

+

Do you have support for IPv6-style addresses?

+

Not yet, but if there's enough demand for it we might try + implementing it.

+

Why did you choose a 4096-bit key instead of a 2048-bit + key? +

+

We couldn't help ourselves—when it comes to keys, + longer is better. In retrospect there were flaws in our + thinking: certain hardware devices, e.g. YubiKeys, only + support keys of length 2048 bits or less. Also, there + was no technical value in making a long key—it's + publicly available on GitHub, so a zero-bit key would + have been equally secure.

+

Do I have to use the sslip.io domain? I'd rather have a + valid cert for my domain.

+

If you want valid SSL certificate, and you don't want to + use the sslip.io domain, then you'll need to purchase + a certificate for your domain. We purchased ours from + Cheap SSL Shop, + but use a vendor with whom you're comfortable.

+

What is the sslip.io certificate chain?

+

The sslip.io certificate chain is the series of certificates, + each signing the next, with a root certificate at the + top. It looks like the following:

+
+
+
+

+

Note that the "root" certificate is "AddTrust's External + CA Root", which issued a certificate to the "COMODO RSA + Certification Authority", which in turn issued a certificate + to the "COMODO RSA Domain Validation Secure Server CA" + which in turn issued our certificate, "*.sslip.io". +

+

How is "sslip.io" pronounced?

+

ESS-ESS-ELL-EYE-PEE-DOT-EYE-OH

+

Where do I report bugs? I think I found one.

+

Open an issue on GitHub; + we're tracking our issues there.

+

There's a typo/mistake on the sslip.io website.

+

Thanks! We love pull requests.

+

-

Note that the "root" certificate is "AddTrust's External - CA Root", which issued a certificate to the "COMODO - RSA Certification Authority", which in turn issued - a certificate to the "COMODO RSA Domain Validation - Secure Server CA" which in turn issued our certificate, - "*.sslip.io".

-

How is "sslip.io" pronounced?

-

ESS-ESS-ELL-EYE-PEE-DOT-EYE-OH

-

Where do I report bugs? I think I found one.

-

Open an issue on GitHub; - we're tracking our issues there.

-

There's a typo/mistake on the sslip.io website.

-

Thanks! We love pull requests.

-
-

-
-

© 2015 Brian Cunnie, Pivotal Software

+
+

© 2015 Brian Cunnie, Pivotal Software

diff --git a/document_root/index.html b/document_root/index.html index 623fe60..b8ace09 100644 --- a/document_root/index.html +++ b/document_root/index.html @@ -75,12 +75,12 @@ src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js">
  • a wildcard SSL certificate for *.sslip.io and the corresponding key, both downloadable from GitHub
    • -

    A developer can install the certificate and key on the - server, modify the server's configuration and restart - the daemon, at which point anyone can browse the server - using the sslip.io hostname (e.g. 52-0-56-137.sslip.io) - via HTTPS and receive a valid SSL connection (green lock). - All in a matter of seconds.

    +

    Install the certificate and key on the + server, modify the server's configuration to use the certificate and key, and restart + the daemon. After that, browse the server + using the sslip.io hostname via HTTPS (e.g. + https://52-0-56-137.sslip.io) + and receive a valid SSL connection (green lock), all in a matter of seconds.

    How do I use it?

    First, find your server's IP address to determine its sslip.io hostname

    @@ -92,29 +92,24 @@ src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"> Server's IP Address sslip.io Hostname - - 52.0.56.137 - 52-0-56-137.sslip.io - 127.0.0.1 127-0-0-1.sslip.io - 10.1.1.2 - www-10-1-1-2.sslip.io + 192.168.1.80 + 192-168-1-80.sslip.io - 172.16.0.1 - console-172-16-0-1.sslip.io + 172.16.0.80 + 172-16-0-80.sslip.io + + + 52.0.56.137 + 52-0-56-137.sslip.io
    -

    Note that in the last two examples we prepended additional - information to the hostname, i.e. "www-" and "console-", - respectively. This allows sslip.io to work with name-based -virtual hosting.

    Second, download sslip.io's SSL certificate and key from GitHub

    Download the SSL key (sslip.io.key.pem)