I have a server which is accessed by IP address over a LAN. The IP address is sometimes changed, and it is never accessed with a DNS hostname. Is it possible to get a CA-signed certificate which doesn't depend on the host having a particular DNS hostname?
I am aware that I could use a self signed certificate, but I'm not in a position to install my own cert on client browsers, so it would result in the horrible self-signed-cert warnings whenever a new user accesses it.
I'm using Apache on Linux in case it matters.
You can definitely get an SSL cert for an IP address, you would use the IP address as your common name. The issue you have is the fact that it will change. If it does your going to need to get a new certificate, theres really no way round this unless you know what IP it will be changing to, then you could get a UC cert that would allow you to specify multiple IP's when you buy it.
You can't just get a cert that will work with what ever IP or hostname you decide to change to at a later date, if you could we could all masquerade as whatever SSL encrypted domain we wanted.