sslip.io

Turn your red lock into a green lock!


What is it?

sslip.io is a means for developers to test against valid SSL certificates without the bother of purchasing them. Two components make this possible:

  1. a special DNS backend that maps crafted hostnames to IP addresses (e.g. 192-168-0-1.sslip.io resolves to 192.168.0.1) (similar to xip.io)
  2. a wildcard SSL certificate for *.sslip.io and the corresponding key, both downloadable from GitHub

Install the certificate and key on the server, modify the server's configuration to use the certificate and key, and restart the daemon. After that, browse the server using the sslip.io hostname via HTTPS (e.g. https://52-0-56-137.sslip.io) and receive a valid SSL connection (green lock), all in a matter of seconds.

How do I use it?

First, find your server's IP address to determine its sslip.io hostname

Your server's sslip.io hostname is a mash-up of your server's IP address and the sslip.io domain. Here are some examples:

Server's IP Address sslip.io Hostname
127.0.0.1 127-0-0-1.sslip.io
192.168.1.80 192-168-1-80.sslip.io
172.16.0.80 172-16-0-80.sslip.io
52.0.56.137 52-0-56-137.sslip.io

Second, download sslip.io's SSL certificate and key from GitHub

Download the SSL key (sslip.io.key.pem) and wildcard SSL certificate chain (sslip.io.chained.crt.pem) from GitHub. You may use curl if you prefer the command line:

curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/master/ssl/sslip.io.key.pem
curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/master/ssl/sslip.io.chained.crt.pem

Third, configure the webserver with the SSL certificate & key

Configure the server's configuration file's SSL portion to use the SSL certificate & key downloaded from GitHub. Here is a sample from sslip.io's webserver's nginx.conf (modified for clarity):

server {
  listen              443 ssl;
  ssl_certificate     /etc/ssl/sslip.io.chained.crt.pem;
  ssl_certificate_key /etc/ssl/sslip.io.key.pem;

Here's a similar configuration for Apache 2.4's httpd-ssl.conf:

Listen 443
SSLCertificateFile "/etc/ssl/sslip.io.chained.crt.pem"
SLCertificateKeyFile "/etc/ssl/sslip.io.key.pem"

Finally, restart your webserver and browse to its sslip.io address via HTTPS

Browse to your webserver's sslip.io hostname, e.g. https://52-0-56-137.sslip.io (assuming that 52.0.56.137 is the IP address of your webserver, which it isn't because that's the IP address of our webserver). Admire the beautiful green lock in your browser's address bar.

© 2015 Brian Cunnie, Pivotal Software