Mobile app version of vmapp.org
Login or Join
Jessie594

: Does ARIN require ISPs ask for SSL key pairs before issuing an IP address? I've just asked for a new IP address for an SSL website, and my ISP responded: Before we can assign the 1

@Jessie594

Posted in: #IpAddress #Isp

I've just asked for a new IP address for an SSL website, and my ISP responded:


Before we can assign the 1 Additional IP Address you requested for [server name], we
must first ask you to provide the SSL certificate and key pair for the
respective FQDN that it will be used for.

Recently we have updated our address assignment policy to better
handle the global depletion of IPv4 addresses. One of the measures we
are taking is if customers are requesting additional IP addresses for
use of e-commerce/SSL-enabled sites, we ask that customers please
provide us with the SSL Cert and Key pair when making the request.
This is to ensure the SSL certificate and key pairs the customer
provides us with is/are indeed legitimate and do match. We have had
problems in the past with some customers either not using the IP
addresses assigned to them for SSL, or customers have provided us
fake, mismatching, or outdated SSL cert and key pairs.

Please note that a wildcard SSL certificate will only allow you one
(1) additional IP Address.

Once you provide us with the SSL Certificate and Key pair, we can begin
the process of assigning you the additional IP Address.

We apologize for this inconvenience, but the restrictions placed on us
by ARIN (the entity which controls IP address assignment in North
America) are quite specific, and [ISP name] is obligated to comply.


As a PCI compliant company, I can't just go around handing out our private keys to anyone who asks. From a brief skim through ARIN's policies I can't see anything forcing ISPs to request private keys.

1. Does ARIN require ISPs to specifically ask for certificate key pairs?

2. Is this policy unique to my ISP or is it now standard at all reputable providers?

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Jessie594

1 Comments

Sorted by latest first Latest Oldest Best

 

@Cody1181609

Does ARIN require ISPs to specifically ask for certificate key
pairs?


There is no legitimate need for anyone else to have access to your private key if you are managing your own server - you have every right to be skeptical of this "requirement" and you can be certain that it is not an ARIN mandate (see ARIN Number Resource Policy Manual).


Is this policy unique to my ISP or is it now standard at all
reputable providers?


This is not the behavior of a reputable provider.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme