I ordered an ssl certificate from InstantSSL and got the following pair of files:
my_ip.ca-bundle, my_ip.crt
I also previously generated my own key and crt files using openssl.
I concatenated all the crt files:
cat my_previously_generted.crt my_ip.ca_bundle my_ip.crt > chained.crt
And configured nginx as follows:
server {
...
listen 443;
ssl on;
ssl_certificate /home/dmsf/csr/chained.crt;
ssl_certificate_key /home/dmsf/csr/csr.nopass.key;
...
}
I don't have a domain name as per the clients request.
When I open the browser with https://my_ip
chrome gives me this error:
The site's security certificate is not trusted!
You attempted to reach my_ip, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
You should not proceed, especially if you have never seen this warning before for this site.
Is there any way to make an ssl certificate work with only an IP address? Or am I forced to get a domain name to get a proper https connection to my site?
First of all, when you open the site in Chrome and you view the certificate properties, is it the right certificate? If not, fix your nginx so it's serving the right cert. I can't really help there.
Assuming it's correct, the IP address needs to be defined in the certificate for the browser to trust it. Specifically, it either needs to be set as the Common Name (CN) or a DNS value in the Subject Alternative Name. Note, there's an IP address value that you can use in the Subject Alternative Name, but Chrome doesn't use it. It only trusts the IP value if it's in a DNS entry.
This doesn't sound right. You should only have to concatenate the signed certificate and necessary intermediate certificates, both provided to you by the CA.
Your own, self-generated certificate (for whatever it may be) sticks out like a sore thumb there.