ssl with a changing ip address server
I'm doing testing with ssl and I need to give certificates to all the client machines so they can make wcf calls to the virtual machine server I have.
I'm assuming that the certificate has to match the name they type into the address bar in order to not give some sort of invalid certificate crash.
They type in an IP. Sometimes this IP changes. I don't want to keep having to install certificates on all the clients.
Perhaps I can use the hosts file to do this?
DNS is not an option here.
What's the best way to do this (this is for a test environment only)?
Here is what I would do in your case:
- Create my own certificate (MyCA) to be used as a Certificate Authority
- Install MyCA as a trusted root authority on each client. (once off job)
- Then I'll sign a certificate for each test host with MyCA.
The SSL handshake works by matching the Common Name attribute of the SSL certificate the server (test host) serves on the client side. Thus, the name the client uses to resolve the test host. To ensure that the names match, you can use DNS or your hosts file.
PS: I've never signed a certificate by setting the common name attribute to an IP address but it might be worth a try. The case above worked nicely for me in several cases.
There are many tutorials on the net, so here is one. There are also ways to sign IIS requests with OpenSSL.
The bottom line is: Your server's SSL certificate must be fine and validated by the client.
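The three steps in the answer above, as an added example that is not part of the original answer: a private CA signs a certificate for a stable name that each client maps to the current IP in its hosts file, so an IP change only needs a hosts-file edit. The name goes into subjectAltName as well as the Common Name because current TLS clients match against the SAN; the host name `testhost.lab.example`, the address `192.0.2.10` and all file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: a private test CA plus a host certificate bound to a stable
# hosts-file name. Every name and path below is constructed for illustration.
set -eu

make_ca() {   # $1 = working directory; writes myca.key / myca.crt
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = MyCA Test Root
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$1/ca.cnf" -keyout "$1/myca.key" -out "$1/myca.crt" 2>/dev/null
}

issue_host_cert() {   # $1 = working directory, $2 = name the clients will type
  # Leaf extensions: the name as a DNS SAN, not a CA, server authentication only.
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$2" > "$1/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/myca.crt" -CAkey "$1/myca.key" \
    -CAcreateserial -sha256 -days 90 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# Succeeds only if the cert chains to MyCA *and* covers the name being checked.
cert_matches() {   # $1 = working directory, $2 = cert name, $3 = name to check
  openssl verify -CAfile "$1/myca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}

WORK=$(mktemp -d)
make_ca "$WORK"
issue_host_cert "$WORK" testhost.lab.example

# Client hosts file entry (update only this line when the server IP changes):
#   192.0.2.10   testhost.lab.example
cert_matches "$WORK" testhost.lab.example testhost.lab.example && echo "stable name: accepted"
cert_matches "$WORK" testhost.lab.example 192.0.2.10 || echo "raw IP: rejected (name mismatch)"
```

Only `myca.crt` goes into the clients' trusted root store; `myca.key` stays off the clients, since anyone holding it can issue certificates those machines will trust.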
For a test environment, if the name doesn't match on the certificate, the user will be warned and can click to ignore the warning and proceed. I've used certs in this way for testing environs in the past.