mirror of
https://github.com/cunnie/sslip.io.git
synced 2025-10-05 15:46:50 +08:00
8d55c534fc
To make room for the k-v.io HTML website, we rename the `document_root` of the sslip.io website to the more explicit `document_root_sslip.io`.
165 lines
9.1 KiB
HTML
165 lines
9.1 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta name="generator" content="HTML Tidy for HTML5 for Apple macOS version 5.6.0">
|
|
<meta charset="utf-8">
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<!-- The above 3 meta tags *must* come first in the head; any
|
|
other head content must come *after* these tags -->
|
|
<title>sslip.io FAQ</title>
|
|
<meta name="description" content="sslip.io">
|
|
<meta name="author" content="Brian Cunnie"><!-- cute Green Lock icon -->
|
|
<link rel="shortcut icon" type="image/x-icon" href="img/favicon.ico"><!-- Latest
|
|
compiled and minified CSS -->
|
|
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
|
|
<!-- Optional theme -->
|
|
<link rel="stylesheet" href="css/starter-template.css">
|
|
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media
|
|
queries -->
|
|
<!-- WARNING: Respond.js doesn't work if you view the page via
|
|
file:// -->
|
|
<!--[if lt IE 9]> <script
|
|
src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
|
|
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
|
|
<![endif]-->
|
|
</head>
|
|
<body>
|
|
<nav class="navbar navbar-inverse navbar-fixed-top">
|
|
<div class="container">
|
|
<div class="navbar-header">
|
|
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar"
|
|
aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span></button> <a class=
|
|
"navbar-brand" href="/">sslip.io</a>
|
|
</div>
|
|
<div id="navbar" class="collapse navbar-collapse">
|
|
<ul class="nav navbar-nav">
|
|
<li>
|
|
<a href="/">Home</a>
|
|
</li>
|
|
<li class="active">
|
|
<a href="faq.html">FAQ</a>
|
|
</li>
|
|
<li>
|
|
<a href="about.html">About</a>
|
|
</li>
|
|
</ul>
|
|
</div><!--/.nav-collapse -->
|
|
</div>
|
|
</nav>
|
|
<div class="container">
|
|
<div class="starter-template">
|
|
<h1>FAQ</h1>
|
|
<p class="lead">Do I have to pay to use this service?</p>
|
|
<p>No, it's free.</p>
|
|
<p class="lead">Can I use this certificate on my commerce website?</p>
|
|
<p>Although there's no technical reason why you couldn't use the sslip.io SSL key and certificate for your
|
|
commerce web, we <i>strongly</i> recommend against it: the key is publicly available; your traffic isn't secure.
|
|
sslip.io's primary purpose is to assist developers who need to test against valid SSL certs, not to safeguard
|
|
content.</p>
|
|
<p class="lead">My webserver wants a certificate and an "intermediate certificate chain"—where do I get that?</p>
|
|
<p>Certain web servers (e.g. <a href="http://www.tenable.com">Tenable's</a> <a href=
|
|
"http://www.tenable.com/products/nessus-vulnerability-scanner">Nessus</a> scanner) prefer to split the chained
|
|
certificate file (which has three concatenated certificates) into two files: one file containing a single
|
|
certificate for the server itself (e.g. the "*.sslip.io" certificate), and a second file containing the
|
|
intermediate certificate authorities (e.g. the two COMODO certificate authorities).</p>
|
|
<p>You can split the chained certificate file by hand, or you can download them, pre-split, from GitHub:</p>
|
|
<ul>
|
|
<li>the server <a href=
|
|
"https://raw.githubusercontent.com/cunnie/sslip.io/main/ssl/sslip.io.crt.pem">certificate</a> ("*.sslip.io")
|
|
</li>
|
|
<li>the intermediate certificate <a href=
|
|
"https://raw.githubusercontent.com/cunnie/sslip.io/main/ssl/intermediate-ca.crt.pem">chain</a> (the COMODO
|
|
CAs)
|
|
</li>
|
|
</ul>
|
|
<p class="lead">Why can't I use dots in my hostname? xip.io lets me use dots.</p>
|
|
<p>You can't have dots, but you can have dashes: for example, "www-sf-ca-us-10-9-9-142.sslip.io" will work with
|
|
sslip.io's wildcard SSL certificate, but "www.sf.ca.us.10.9.9.142.sslip.io" will not. This is a technical
|
|
limitation of wildcard certs and the manner in which browsers treat them (read more <a href=
|
|
"http://security.stackexchange.com/questions/10538/what-certificates-are-needed-for-multi-level-subdomains">here</a>).</p>
|
|
<p>This restricts sslip.io's usage model. For example, it won't work properly with Cloud Foundry's app domain or
|
|
system domain.</p>
|
|
<p class="lead">Does sslip.io work with name-based virtual hosting? We have multiple projects but only one
|
|
webserver.</p>
|
|
<p>sslip.io interoperates quite well with <a href=
|
|
"https://en.wikipedia.org/wiki/Virtual_hosting#Name-based">name-based virtual hosting</a>. You can prepend
|
|
identifying information to the sslip.io hostname without jeopardizing the address resolution, and then use those
|
|
hostnames to distinguish the content being served. For example, let's assume that your webserver's IP address is
|
|
10.9.9.30, and that you have three projects you're working on (Apple, Google, and Facebook). You would use the
|
|
following three sslip.io hostnames:</p>
|
|
<ul>
|
|
<li>apple-10-9-9-30.sslip.io</li>
|
|
<li>facebook-10-9-9-30.sslip.io</li>
|
|
<li>google-10-9-9-30.sslip.io</li>
|
|
</ul>
|
|
<p class="lead">Can you make the hostnames easier to remember? It's as hard as memorizing IP addresses.</p>
|
|
<p>Unfortunately, no. We appreciate that "52-0-56-137.sslip.io" is not an easy-to-remember hostname, whereas
|
|
something along the lines of "aws-server.sslip.io" would be much simpler, but we don't see an easy solution—we
|
|
need to be able to extract the IP address from the hostname in order for our DNS nameserver to reply with the
|
|
proper address when queried.</p>
|
|
<p class="lead">Do you have support for IPv6-style addresses?</p>
|
|
<p>Not yet, but if there's enough demand for it we might try implementing it.</p>
|
|
<p class="lead">Why did you choose a 4096-bit key instead of a 2048-bit key?</p>
|
|
<p>We couldn't help ourselves—when it comes to keys, longer is better. In retrospect there were flaws in our
|
|
thinking: certain hardware devices, e.g. YubiKeys, only support keys of length 2048 bits or less. Also, there was
|
|
no technical value in making a long key—it's publicly available on GitHub, so a zero-bit key would have been
|
|
equally secure.</p>
|
|
<p class="lead">Do I have to use the sslip.io domain? I'd rather have a valid cert for my domain.</p>
|
|
<p>If you want valid SSL certificate, and you don't want to use the sslip.io domain, then you'll need to purchase
|
|
a certificate for your domain. We purchased ours from <a href="https://www.cheapsslshop.com">Cheap SSL Shop</a>,
|
|
but use a vendor with whom you're comfortable.</p>
|
|
<p class="lead">What is the sslip.io certificate chain?</p>
|
|
<p>The sslip.io certificate chain is the series of certificates, each signing the next, with a root certificate
|
|
at the top. It looks like the following:</p>
|
|
<div class="col-sm-12"><img src="img/cert_chain.png" height="206"></div>
|
|
<div class="row"></div>
|
|
<p>Note that the "root" certificate is "AddTrust's External CA Root", which issued a certificate to the "COMODO
|
|
RSA Certification Authority", which in turn issued a certificate to the "COMODO RSA Domain Validation Secure
|
|
Server CA" which in turn issued our certificate, "*.sslip.io".</p>
|
|
<p class="lead">How is "sslip.io" pronounced?</p>
|
|
<p>ESS-ESS-ELL-EYE-PEE-DOT-EYE-OH</p>
|
|
<p class="lead">Where do I report bugs? I think I found one.</p>
|
|
<p>Open an issue on <a href="https://github.com/cunnie/sslip.io/issues">GitHub</a>; we're tracking our issues
|
|
there.</p>
|
|
<p class="lead">There's a typo/mistake on the sslip.io website.</p>
|
|
<p>Thanks! We love <a href="https://github.com/cunnie/sslip.io/pulls">pull requests</a>.</p>
|
|
<div class="row"></div>
|
|
<p>© 2015 Brian Cunnie, Pivotal Software</p>
|
|
</div>
|
|
</div><!-- /.container -->
|
|
<!-- Bootstrap core JavaScript ================================================== -->
|
|
<!--
|
|
Placed at the end of the document so the pages load faster -->
|
|
<!-- jQuery
|
|
(necessary for Bootstrap's JavaScript plugins) -->
|
|
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> <!--
|
|
Latest compiled and minified JavaScript -->
|
|
|
|
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script> <!--
|
|
IE10 viewport hack for Surface/desktop Windows 8 bug -->
|
|
|
|
<script src=
|
|
"https://raw.githubusercontent.com/twbs/bootstrap/master/docs/assets/js/ie10-viewport-bug-workaround.js"></script>
|
|
<!--
|
|
Google Analytics -->
|
|
|
|
<script>
|
|
(function(i, s, o, g, r, a, m) {
|
|
i['GoogleAnalyticsObject'] = r;
|
|
i[r] = i[r] || function() {
|
|
(i[r].q = i[r].q || []).push(arguments)
|
|
}, i[r].l = 1 * new Date();
|
|
a = s.createElement(o), m = s.getElementsByTagName(
|
|
o)[0];
|
|
a.async = 1;
|
|
a.src = g;
|
|
m.parentNode.insertBefore(a, m)
|
|
})(window, document, 'script',
|
|
'//www.google-analytics.com/analytics.js', 'ga');
|
|
ga('create', 'UA-43107212-2', 'auto');
|
|
ga('send', 'pageview');
|
|
</script>
|
|
</body>
|
|
</html>
|