Restrict account access by IP address ranges

IP restrictions control which IP addresses can access CertCentral, Guest URLs, and the CertCentral API. By default, CertCentral allows access from any IP address.

After you enable IP restrictions and create at least one rule, access changes to a deny-by-default model. Only IP addresses included in active rules can access your account. Rules take effect immediately after you save them.

Implementing IP restrictions provides several benefits, including enhanced security, increased control, and improved compliance with security best practices. However, you must maintain your IP restriction rules. This means keeping your IP restriction rules up to date as your environment evolves. It also includes addressing potential false positives if the absence of a rule inadvertently blocks legitimate access to CertCentral. Also, you may need to adjust your IP restriction rules if they become too restrictive.

Configure IP restrictions in Settings > IP Restrictions.