Using an IP Address in an SSL Certificate

The lowdown on IPs in SSL certificates

Customers often ask us if they can use an IP address in an SSL certificate instead of a fully qualified domain name. The short answer is yes, but we only recommend it if you cannot use a domain name.

You must consider specific stipulations, conditions, and limitations if you need an IP in your cert.

Requirements and restrictions on IP addresses in SSL certificates

  • Public IP addresses only (e.g., 18.236.49.115)
  • Reserved IP addresses (local) are not allowed ((e.g., 10.0.x.x, 192.168.x.x)
  • Domain Validated (DV) and Organization Validated (OV) certificates only (EV certs cannot have an IP address)
  • You must prove that you "own" or control the IP by hosting a .txt file containing a generated random string token at a predetermined location on your website. We will provide you with this token and instructions after you submit your IP SSL order. Before placing an IP certificate order, you'll want to review the steps required to prove IP ownership by the HTTPS File-based Token DCV method.

Which SSL certificate products will support a public IP address?

We have a few SSL certificate products ready to go specifically for IPs.
+ Shop IP SSL Certificates

Can I add an IP Address as a SAN mixed with other IP Addresses or FQDNs?

Yes! You can add a SAN for an IP Address to any non-EV Multi-domain Certificate. The SANs must meet the same requirements and restrictions mentioned above. See more FAQs about using an IP address in SSL certificates.

If you absolutely cannot prove you control the IP

If you cannot prove your organization has been assigned the IP by placing a .txt file on your web server, there is a workaround, but it's not recommended as a first choice. The vetting team can attempt to call the Point of Contact (POC) listed on the WHOIS for your IP address to confirm you have permission to use the IP. Please understand that while the vetting team can attempt to place a call to the POC, there's no guarantee the POC take the call or call them back.

To see the underlying WHOIS information for your IP, you can use the following approved links for official IP contacts and assignments.

  • ARIN - American Registry for Internet Numbers
  • AFRINIC - African Network Information Center
  • APNIC - Asia-Pacific Network Information Centre
  • LACNIC- Latin America and Caribbean Network Information Centre
  • RIPE NCC - Réseaux IP Européens Network Coordination Centre

When using ARIN you don't need an account. Type your IP in the upper-right corner of the page in the SEARCH WhoisRWS box.

ARIN website example.