: Does ARIN require ISPs ask for SSL key pairs before issuing an IP address? I've just asked for a new IP address for an SSL website, and my ISP responded: Before we can assign the 1

@Jessie594

Posted in: #IpAddress #Isp

I've just asked for a new IP address for an SSL website, and my ISP responded:


Before we can assign the 1 Additional IP Address you requested for [server name], we
must first ask you to provide the SSL certificate and key pair for the
respective FQDN that it will be used for.

Recently we have updated our address assignment policy to better
handle the global depletion of IPv4 addresses. One of the measures we
are taking is if customers are requesting additional IP addresses for
use of e-commerce/SSL-enabled sites, we ask that customers please
provide us with the SSL Cert and Key pair when making the request.
This is to ensure the SSL certificate and key pairs the customer
provides us with is/are indeed legitimate and do match. We have had
problems in the past with some customers either not using the IP
addresses assigned to them for SSL, or customers have provided us
fake, mismatching, or outdated SSL cert and key pairs.

Please note that a wildcard SSL certificate will only allow you one
(1) additional IP Address.

Once you provide us with the SSL Certificate and Key pair, we can begin
the process of assigning you the additional IP Address.

We apologize for this inconvenience, but the restrictions placed on us
by ARIN (the entity which controls IP address assignment in North
America) are quite specific, and [ISP name] is obligated to comply.


As a PCI compliant company, I can't just go around handing out our private keys to anyone who asks. From a brief skim through ARIN's policies I can't see anything forcing ISPs to request private keys.

1. Does ARIN require ISPs to specifically ask for certificate key pairs?

2. Is this policy unique to my ISP or is it now standard at all reputable providers?

Vote Up Vote Down

Login to post a comment!