How to generate a Self Signed SSL Certificate bound to IP address?

It doesn't matter if your subject is a name or an IP; the way you need to fix the cert being untrusted is the same: trust the self-signed cert on the local system.

If for some reason you need to use an IP instead of a name (hosts file?), then set up a subject alternative name with the IP address, like IP:192.0.2.1.
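
The subject alternative name described in this answer, as an added example (not part of the original answer) that uses the openssl CLI rather than the keytool used elsewhere on this page. It builds three self-signed certificates for 192.0.2.1 and checks which of them actually validates for that IP; the file names and the functions make_cert and ip_matches are made up for the example, and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example: self-signed certificates for an IP address, with and without
# an iPAddress subject alternative name (SAN). Needs OpenSSL 1.1.1+ (-addext).
# 192.0.2.1 is the documentation address from the answer; file names are made up.

# make_cert <out-prefix> <ip> [san]
# Writes <out-prefix>.key and <out-prefix>.crt with CN=<ip>; the SAN is optional.
make_cert() {
    prefix=$1; ip=$2; san=${3:-}
    set -- req -x509 -newkey rsa:2048 -nodes -days 360 \
        -subj "/CN=$ip" -keyout "$prefix.key" -out "$prefix.crt"
    if [ -n "$san" ]; then
        set -- "$@" -addext "subjectAltName=$san"
    fi
    openssl "$@" 2>/dev/null
}

# ip_matches <cert> <ip>: succeeds only if the certificate is valid for <ip>.
# OpenSSL's -checkip compares against iPAddress SAN entries only, never the CN.
ip_matches() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match"
}

workdir=$(mktemp -d)

# 1. IP only in the CN, no SAN at all.
make_cert "$workdir/cn-only" 192.0.2.1
# 2. SAN present but of the wrong type (dNSName holding an IP literal).
make_cert "$workdir/dns-san" 192.0.2.1 "DNS:192.0.2.1"
# 3. SAN of type iPAddress, as the answer suggests.
make_cert "$workdir/ip-san" 192.0.2.1 "IP:192.0.2.1"

for c in cn-only dns-san ip-san; do
    if ip_matches "$workdir/$c.crt" 192.0.2.1; then
        result="matches"
    else
        result="does NOT match"
    fi
    echo "$c: $result 192.0.2.1"
done
```

With keytool, the same extension is requested by adding `-ext san=ip:192.0.2.1` to the key generation command. The certificate still has to be added to the local trust store, as the answer says.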


[Reposting my comment as the answer]

I have realized that an SSL certificate for a public IP address is not that good an idea, from the answers to the related question (linked to this question) by @MadHatter.

I have decided to use an SSL cert bound to a domain name and use the hosts file for DNS resolution for testing and demo purposes.

I have generated a self-signed certificate using the command:

keytool -genkey -keyalg RSA -alias selfsigned -keystore demo1keystore.jks -storepass mykeystore@789 -validity 360 -keysize 2048

To add it to the trust store read by Chrome, I have followed the instructions from this link

I have tested all this to understand what works in practice.

Tried with a

  • Self-signed certificate bound to a domain name and tested SSL connectivity with Chrome and Firefox and a Jetty Server. Things worked fine.
  • Self-signed certificate bound to an IP address and tested SSL connectivity with Chrome and Firefox and a Jetty Server. The Chrome browser failed to trust the certificate.

If anyone else has a different perspective about this, please reply as a comment. Accepting this as the answer.