Reputation: 715
Why is public IP required for custom SSL?
I added a custom wildcard SSL certificate to my environment and a CNAME record in my registar pointing to my provider. The provider public IP is 185.54.7.222 and my environment public IP is 185.54.6.184. The public IP of my environment is never accessed so why is it required? I have to pay for it but I think this is not something I should be forced to activate...
Upvotes: 2
Views: 175
Answers (1)
Reputation: 1528
Without a public IP, your environment is accessed via a proxy server.
This is bad for performance and reliability (it's a shared resource, shared with other platform users - so in theory there's a chance for it to become overloaded by something that another user does);
The proxy server does not have your SSL certificate; only a wildcard certificate using your provider's domain name for that particular Jelastic region of their platform.
Your custom SSL certificate is installed onto your server (e.g. Apache), and therefore your users need to form a direct connection to it from the internet (not via the proxy server). That is why the public IP address is required. It gives a direct connection straight to your server.
More info in the Jelastic docs:
Note also that production environments are expected to use their own public IP address (as mentioned in the documentation).
Upvotes: 3
Related Questions
- LetsEncrypt SSL on IP Address
- Securing a private IP address (https certificate)
- How to sign an SSL certificate for an IP address?
- Create HttpServer with public ipv4 address
- Should websites with only global ip addresses be ssl?
- can you put SSL on a IP address or only on a web server's domain name?
- Why I need a SSL certificate?
- HTTPS for local IP address
- What exactly does "every SSL certificate requires a dedicated IP" mean?
- Self-Signed Certificate for Public and Private IP (Tomcat 7)