如何使用IP地址而不是DNS（.net C＃）获得SSL证书

Question

I'm trying to get the SSL certificates using an ip address or if could be possible both (DNS and IP address), to be honest I don't have any idea about SSL certificates, I've been reading a little bit on it, I have to do it because is a new requirement and we have to use ip address that are not associated with a DNS (in some cases)

After search I found this solution:

//Do webrequest to get info on secure site
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(txbURL.Text);
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
request.AllowAutoRedirect = false;
response.Close();

//retrieve the ssl cert and assign it to an X509Certificate object
X509Certificate cert = request.ServicePoint.Certificate;

//convert the X509Certificate to an X509Certificate2 object by passing it into the constructor
X509Certificate2 cert2 = new X509Certificate2(cert);

//display the cert dialog box
rtbResult.Text = string.Format("Not Before: {0}\nNot After: {1}", cert2.NotBefore, cert2.NotAfter);

they asked only for the NotBefore and NotAfter date and is working if you use something like http://www.google.com but not with an ip address, do you know how could I use an ip address on it?

Answer 1

I have recently successfully pulled a certificate issued on a private IP from a local server (signed by an experimental CA, but this doesn't matter), so this is neither a bug, nor your app fault (probably - I used HttpClient class methods, but your code looks fine too).

The real question is, if the server you are trying to pull a certificate from, supports SSL/TLS on IP connections and has a valid (in the OS context) certificate assigned to its IP. On most modern webservers certificates are implemented on virtual hosts using Server Name Indication and querying it only by its IP can return either a self-signed, untrusted certificate, an invalid (expired) one or no certificate at all, leading to SSL negotiation errors.