Bob Schneider asked:

Default SSL Site

How do I create a default SSL site on my Windows 2016 server running IIS 10? Also, what is the need for this? I currently have three sites with their own certificates. When setting up the bindings I selected "Require Server Name Identification" so they wouldn't all try to use the same certificate. But I do have a message that says, "No default SSL site has been created..."
ASKER CERTIFIED SOLUTION
David Favor
Aside: With Apache this occurs via...

1) A self-signed (SnakeOil) certificate can be created by installing the ssl-cert package.

2) When the main apache2 package is installed, /etc/apache2/default-ssl.conf contains references to the SnakeOil cert.

3) If you then enable this config file (a2ensite default-ssl.conf && service apache2 reload), then you have a default SSL config.

And, there's not really any point, since this will be treated as a bogus site by most browsers.

4) If you really must cover an IP with a cert (true issuance chain), you can likely do this using https://LetsEncrypt.org, as it's unlikely any other cert provider will allow IP-only coverage (rather than FQDN or FQHN - fully qualified domain/host name).

And this is rarely done, as there's no real point.

I guess if you're running some Dark Net service with no DNS entries for host/domain IP resolution, this might be an application for IP only cert coverage.

No other application for IP only cert coverage comes to mind.

5) Most people just ignore this case, then if someone visits an IP, they get a server down or some other message.
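
Steps 1 to 3 above as a script, followed by a check of which certificate a client that sends no SNI receives. This is an added example, not part of the original answer; it assumes Debian/Ubuntu Apache packaging and OpenSSL 1.1.1 or later, and the function names and sample host name are illustrative.

```sh
#!/bin/sh
# Added example (not from the original answer). Assumes Debian/Ubuntu Apache
# packaging and OpenSSL 1.1.1+ (needed for s_client -noservername).

# Steps 1-3: snakeoil certificate plus the default-ssl vhost. Run as root.
enable_default_ssl() {
    apt-get install -y ssl-cert &&  # creates the self-signed snakeoil cert/key
    a2enmod ssl &&                  # added step: default-ssl.conf needs mod_ssl
    a2ensite default-ssl.conf &&
    apache2ctl configtest &&        # do not reload a broken configuration
    service apache2 reload
}

# Print subject and issuer of the certificate served to a client that sends
# no SNI, which is what a visitor to https://<ip>/ receives.
cert_without_sni() {
    openssl s_client -connect "$1:443" -noservername </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer
}

# Read that output on stdin; succeed when subject and issuer are identical,
# as they are for the snakeoil cert, which browsers will not trust.
is_self_signed() {
    awk '/^subject=/ { sub(/^subject= */, ""); s = $0 }
         /^issuer=/  { sub(/^issuer= */, "");  i = $0 }
         END { exit !(s != "" && s == i) }'
}

# Constructed sample of cert_without_sni output for a snakeoil certificate.
SAMPLE_SNAKEOIL='subject=CN = web01.example.test
issuer=CN = web01.example.test'

# Usage: script.sh enable | script.sh check <ip>
case "${1:-}" in
    enable) enable_default_ssl ;;
    check)  cert_without_sni "$2" | is_self_signed &&
                echo "clients without SNI get a self-signed certificate" ;;
    *) ;;
esac
```

Run `check` against the server's IP after `enable`; a match confirms that the default vhost answers requests that carry no host name and that it does so with an untrusted certificate.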
ASKER

Thanks. BTW s3s3, do you have multiple SSL sites on the same server with their own certificate? When I don't select Require Server Name Identification it tries to assign the same SSL certificate to all sites. I'll keep plugging. Thanks.

Yes I do have multiple sites on the same server with different certs.
You'll need to set the bindings for each site separately.

Yeah, I did that, but each time I got a message that indicated that this cert was being used by another site... or something similar. When I went ahead with it, it messed up the other sites. I found somewhere that if you select Require Server Name Identification then that won't happen, and that seemed to work.