0
votes

When I read this document:

If you host a service on xyz123boot.com, the original server IP is 136.23.63.44. CloudFlare will provide you with DDoS protection, Web application firewalls, and other security services to protect your services from attack. To do this, your Web server must support SSL and have a certificate, at which point the communication between CloudFlare and your server is encrypted (i.e., no flexible SSL exists), just like the communication between you and CloudFlare. This looks safe, but the problem is that when you connect directly to the IP on port 443 (https://136.23.63.44:443), the SSL certificate is exposed.

How should I understand this line:

when you connect directly to the IP on port 443 (https://136.23.63.44:443), the SSL certificate is exposed.


1 Answer

0
votes

That article is about "ways to bypass CDN to find real IP". That is, how do you find the IP address of a server when it's being proxied by a CDN server at a different IP address?

The cited paragraph applies when the CDN (CloudFlare, in this case) communicates with the origin server over SSL/TLS. The CDN will contact the origin server at port 443, and the origin server will "expose" a certificate so that they can communicate securely.

So, if you could crawl the entire internet at port 443 and gather the certificates exposed, you could then make a mapping between IP addresses and the domain names mentioned in the certificates. According to this article there is a tool (Censys) that has done just that. So by using this tool you can find the origin IP address even though the CDN itself hasn't exposed that information.
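The mapping described in the answer, as an added example that is not part of the answer or the cited article; it is useful for checking which of your own addresses present a certificate naming your domain. The certificate dictionaries are constructed sample data in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the `192.0.2.x` entries and function names are illustrative assumptions.

```python
# Constructed sample data: certificate fields in the shape returned by
# ssl.SSLSocket.getpeercert(), keyed by the IP address that presented them.
# 136.23.63.44 / xyz123boot.com are the question's example values; the
# other entries are made up for illustration.
SCAN = {
    "136.23.63.44": {
        "subject": ((("commonName", "xyz123boot.com"),),),
        "subjectAltName": (("DNS", "xyz123boot.com"), ("DNS", "www.xyz123boot.com")),
    },
    "192.0.2.10": {
        "subject": ((("commonName", "*.example.net"),),),
        "subjectAltName": (("DNS", "*.example.net"),),
    },
    "192.0.2.20": {  # a default certificate that names no hosted site
        "subject": ((("commonName", "default.invalid"),),),
        "subjectAltName": (),
    },
}

def cert_names(cert):
    """Return the lower-cased DNS names a certificate mentions (CN + SAN)."""
    names = {v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value.lower())
    return names

def name_covers(pattern, host):
    """True if a certificate name (possibly a left-most wildcard) covers host."""
    if pattern.startswith("*."):
        # A wildcard stands for exactly one label to the left of the suffix.
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host

def ips_exposing(domain, scan):
    """IPs whose certificate names the domain: the IP-to-name mapping above."""
    domain = domain.lower()
    return sorted(ip for ip, cert in scan.items()
                  if any(name_covers(n, domain) for n in cert_names(cert)))

if __name__ == "__main__":
    print(ips_exposing("xyz123boot.com", SCAN))
```

An address that answers direct connections with a certificate naming none of your sites, like the third constructed entry, does not appear in the result for your domain.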