nip/document_root/faq.html

<!doctype html>
<html lang="en">

<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width,
initial-scale=1">
  <!-- The above 3 meta tags *must* come first in the head; any
other head content must come *after* these tags -->
  <title>sslip.io FAQ</title>
  <meta name="description" content="sslip.io">
  <meta name="author" content="Brian Cunnie">
  <!-- cute Green Lock icon -->
  <link rel="shortcut icon" type="image/x-icon" href="img/favicon.ico">
  <!-- Latest
  compiled and minified CSS -->
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
  <!-- Optional theme -->
  <link rel="stylesheet" href="css/starter-template.css">
  <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media
  queries -->
  <!-- WARNING: Respond.js doesn't work if you view the page via
  file:// -->
  <!--[if lt IE 9]> <script
  src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
  <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
  <![endif]-->
</head>

<body>
  <nav class="navbar navbar-inverse navbar-fixed-top">
    <div class="container">
      <div class="navbar-header">
        <button type="button" class="navbar-toggle
  collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false"
        aria-controls="navbar">
          <span class="sr-only">Toggle navigation </span>
          <span class="icon-bar"></span>
          <span class="icon-bar"></span>
          <span class="icon-bar"></span>
        </button> <a class="navbar-brand" href="/">sslip.io</a> </div>
      <div id="navbar" class="collapse
  navbar-collapse">
        <ul class="nav navbar-nav">
          <li><a href="/">Home</a></li>
          <li class="active"><a href="faq.html">FAQ</a></li>
          <li><a href="about.html">About</a></li>
        </ul>
      </div>
      <!--/.nav-collapse -->
    </div>
  </nav>
  <div class="container">
    <div class="starter-template">
      <h1>FAQ</h1>
      <p class="lead">Do I have to pay to use this service?</p>
      <p>No, it's free.</p>
      <p class="lead">Can I use this certificate on my commerce website?</p>
      <p>Although there's no technical reason why you couldn't use
        the sslip.io SSL key and certificate for your commerce
        web, we <i>strongly</i> recommend against it: the key
        is publicly available; your traffic isn't secure. sslip.io's
        primary purpose is to assist developers who need to test
        against valid SSL certs, not to safeguard content.</p>
      <p class="lead">My webserver wants a certificate and an "intermediate certificate
        chain"&mdash;where do I get that? </p>
      <p>Certain web servers (e.g. <a href="http://www.tenable.com">Tenable's</a>        <a href="http://www.tenable.com/products/nessus-vulnerability-scanner">Nessus</a>        scanner) prefer to split the chained certificate file
        (which has three concatenated certificates) into two
        files: one file containing a single certificate for the
        server itself (e.g. the "*.sslip.io" certificate), and
        a second file containing the intermediate certificate
        authorities (e.g. the two COMODO certificate authorities).</p>
      <p>You can split the chained certificate file by hand, or
        you can download them, pre-split, from GitHub: </p>
      <ul>
        <li>the server <a href="https://raw.githubusercontent.com/cunnie/sslip.io/master/ssl/sslip.io.crt.pem">certificate</a>          ("*.sslip.io") </li>
        <li>the intermedicate certificate <a href="https://raw.githubusercontent.com/cunnie/sslip.io/master/ssl/intermediate-ca.crt.pem">chain</a>          (the COMODO CAs)</li>
      </ul>
      <p class="lead">Why can't I use dots in my hostname? xip.io lets me use
        dots. </p>
      <p>You can't have dots, but you can have dashes: for example,
        "www-sf-ca-us-10-9-9-142.sslip.io" will work with sslip.io's
        wildcard SSL certificate, but "www.sf.ca.us.10.9.9.142.sslip.io"
        will not. This is a technical limitation of wildcard
        certs and the manner in which browsers treat them (read
        more <a href="http://security.stackexchange.com/questions/10538/what-certificates-are-needed-for-multi-level-subdomains">here</a>).</p>
      <p>This restricts sslip.io's usage model. For example, it
        won't work properly with Cloud Foundry's app domain or
        system domain.</p>
      <p class="lead">Does sslip.io work with name-based virtual hosting? We
        have multiple projects but only one webserver.</p>

      <p> sslip.io interoperates quite well with <a href="https://en.wikipedia.org/wiki/Virtual_hosting#Name-based">name-based virtual hosting</a>.
        You can prepend identifying information to the sslip.io
        hostname without jeopardizing the address resolution, and then use
        those hostnames to distinguish the content being served.
        For example, let's assume that your webserver's IP address
        is 10.9.9.30, and that you have three projects you're
        working on (Apple, Google, and Facebook). You would use
        the following three sslip.io hostnames: </p>

      <ul>
        <li>apple-10-9-9-30.sslip.io</li>
        <li>facebook-10-9-9-30.sslip.io</li>
        <li>google-10-9-9-30.sslip.io</li>
      </ul>
      <p class="lead">Can you make the hostnames easier to remember? It's as
        hard as memorizing IP addresses.</p>
      <p>Unfortunately, no. We appreciate that "52-0-56-137.sslip.io"
        is not an easy-to-remember hostname, whereas something
        along the lines of "aws-server.sslip.io" would be much
        simpler, but we don't see an easy solution&mdash;we need
        to be able to extract the IP address from the hostname
        in order for our DNS nameserver to reply with the proper
        address when queried.</p>
      <p class="lead">Do you have support for IPv6-style addresses?</p>
      <p>Not yet, but if there's enough demand for it we might try
        implementing it.</p>
      <p class="lead">Why did you choose a 4096-bit key instead of a 2048-bit
        key?
      </p>
      <p>We couldn't help ourselves&mdash;when it comes to keys,
        longer is better. In retrospect there were flaws in our
        thinking: certain hardware devices, e.g. YubiKeys, only
        support keys of length 2048 bits or less. Also, there
        was no technical value in making a long key&mdash;it's
        publicly available on GitHub, so a zero-bit key would
        have been equally secure.</p>
      <p class="lead">Do I have to use the sslip.io domain? I'd rather have a
        valid cert for my domain.</p>
      <p>If you want valid SSL certificate, and you don't want to
        use the sslip.io domain, then you'll need to purchase
        a certificate for your domain. We purchased ours from
        <a href="https://www.cheapsslshop.com">Cheap SSL Shop</a>,
        but use a vendor with whom you're comfortable. </p>
      <p class="lead">What is the sslip.io certificate chain? </p>
      <p>The sslip.io certificate chain is the series of certificates,
        each signing the next, with a root certificate at the
        top. It looks like the following:</p>
      <div class="col-sm-12">
        <img src="img/cert_chain.png" height="206" /> </div>
      <div class="row"></div>
      <p></p>
      <p>Note that the "root" certificate is "AddTrust's External
        CA Root", which issued a certificate to the "COMODO RSA
        Certification Authority", which in turn issued a certificate
        to the "COMODO RSA Domain Validation Secure Server CA"
        which in turn issued our certificate, "*.sslip.io".
      </p>
      <p class="lead">How is "sslip.io" pronounced?</p>
      <p>ESS-ESS-ELL-EYE-PEE-DOT-EYE-OH</p>
      <p class="lead">Where do I report bugs? I think I found one.</p>
      <p>Open an issue on <a href="https://github.com/cunnie/sslip.io/issues">GitHub</a>;
        we're tracking our issues there.</p>
      <p class="lead">There's a typo/mistake on the sslip.io website. </p>
      <p>Thanks! We love <a href="https://github.com/cunnie/sslip.io/pulls">pull requests</a>.</p>
      <div class="row">
        <p></p>
      </div>
      <p>&copy; 2015 Brian Cunnie, Pivotal Software </p>
    </div>
  </div>
  <!-- /.container -->
  <!-- Bootstrap core JavaScript ================================================== -->
  <!--
  Placed at the end of the document so the pages load faster -->
  <!-- jQuery
  (necessary for Bootstrap's JavaScript plugins) -->
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
  <!--
  Latest compiled and minified JavaScript -->
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
  <!--
  IE10 viewport hack for Surface/desktop Windows 8 bug -->
  <script src="https://raw.githubusercontent.com/twbs/bootstrap/master/docs/assets/js/ie10-viewport-bug-workaround.js"></script>
  <!--
  Google Analytics -->
  <script>
    (function(i, s, o, g, r, a, m) {
      i['GoogleAnalyticsObject'] = r;
      i[r] = i[r] || function() {
        (i[r].q = i[r].q || []).push(arguments)
      }, i[r].l = 1 * new Date();
      a = s.createElement(o), m = s.getElementsByTagName(
        o)[0];
      a.async = 1;
      a.src = g;
      m.parentNode.insertBefore(a, m)
    })(window, document, 'script',
      '//www.google-analytics.com/analytics.js', 'ga');
    ga('create', 'UA-43107212-2', 'auto');
    ga('send', 'pageview');
  </script>
</body>

</html>