We are using CF certificate on our web server. CF is set to full strict SSL option.
After reading this blog post I am unsure if we done it right to prevent IP leak.
Web server responds only to requests received from CF IP zones… both on 80 and 443 port.
If we made it this was is it possible to find our IP from public Certificate transparency logs?
If you dont include your IP address in your certificate request, it shouldnt leak there.
I have used IIS 10 to create certificate request. There is no option to set or delete IP address…
In that case I do not assume your IP address will be included, but you can always check the CSR manually.
It was not included in CSR as far as I can see…
Then it shouldnt be part of the eventual certificate either. SSL certificates could be a potential leak for IP addresses, but this is typically rather indirectly via the webserver exposing the certificate publicly (with the configured hostnames) than the certificate containing the IP address itself.
That doesnt mean that it wouldnt be possible, it just is less likely.
This topic was automatically closed after 30 days. New replies are no longer allowed.