sslip.io

Turn your red lock into a green lock!


What is it?

sslip.io is a means for developers to test against valid SSL certificates without the bother of purchasing them. Two components make this possible:

  1. a special DNS backend that maps crafted hostnames to IP addresses (e.g. 192-168-0-1.sslip.io resolves to 192.168.0.1) (similar to xip.io)
  2. a wildcard SSL certificate for *.sslip.io and the corresponding key, both downloadable from GitHub

A developer can install the certificate and key on the server, configure the server's name to its sslip.io fully-qualified domain name, (e.g. 52-0-56-137.sslip.io), and then browse to the server via HTTPS using the sslip.io FQDN. All in a matter of seconds.

How do I use it?

First, find your server's IP address to determine its sslip.io hostname

Your server's sslip.io hostname is a mash-up of your server's IP address and the sslip.io domain. Here are some examples:

Server's IP Address sslip.io Hostname
52.0.56.137 52-0-56-137.sslip.io
127.0.0.1 127-0-0-1.sslip.io
10.1.1.2 www-10-1-1-2.sslip.io
172.16.0.1 console-172-16-0-1.sslip.io

Note that in the last two examples we prepended additional information to the hostname, i.e. "www-" and "console-", respectively. This allows sslip.io to work with name-based virtual hosting.

Second, download sslip.io's SSL certificate and key from GitHub

Download the SSL key (sslip.io.key.pem) and wildcard SSL certificate chain (sslip.io.chained.crt.pem) from GitHub. You may use curl if you prefer the command line:

curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/master/ssl/sslip.io.key.pem
curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/master/ssl/sslip.io.chained.crt.pem

Third, configure the webserver with your sslip.io hostname, SSL certificate, and SSL key

Configure your webserver. Set the server name to sslip.io hostname, and configure the SSL portion to use the key and certificate downloaded from GitHub. Here is a sample from sslip.io's webserver's nginx.conf (modified for clarity):

server {
  server_name         52-0-56-137.sslip.io;
  listen              443 ssl;
  ssl_certificate     /etc/ssl/sslip.io.chained.crt.pem;
  ssl_certificate_key /etc/ssl/sslip.io.key.pem;

Finally, restart your webserver and browse to its sslip.io address via HTTPS

Browse to your webserver's sslip.io hostname, e.g. https://52-0-56-137.sslip.io (assuming that 52.0.56.137 is the IP address of your webserver, which it isn't because that's the IP address of our webserver). Admire the beautiful green lock in your browser's address bar.

© 2015 Brian Cunnie, Pivotal Software