[cabfpub] [cabfquest] Are there constraints surrounding the use of IP addresses in the SAN of an EV certificate?

Ben Wilson ben at digicert.com
Mon Oct 21 17:28:16 UTC 2013


Brian,

I am not sure whether your questions have been answered separately or
whether you've had a chance to review the attached guidance provided by the
CA/Browser Forum.  Could you please take a look at it and get back to us on
whether this document provides any answers to your questions and which of
your questions might still remain?

Thanks,

Ben 

 

From: questions-bounces at cabforum.org [mailto:questions-bounces at cabforum.org]
On Behalf Of Brian Reichert
Sent: Monday, October 21, 2013 9:14 AM
To: questions at cabforum.org
Subject: [cabfquest] Are there constraints surrounding the use of IP
addresses in the SAN of an EV certificate?

 

(My apologies for the acronym-heavy question.)

 

We sell a clustered network appliance, and provide an interface for
generating a CSR. The CSRs are for hosts that are not public-facing, they
are for internal infrastructure.

 

Our process for generating CSRs include introducing IP addresses in the SAN.
Increasingly, we're seeing CAs reject these CSRs, not accepting IP addresses
in the SAN.

 

I can't tell if this is due to them being selectively picky, or if there's
some external specification they're adhering to.

 

I'll admit, I don't know specific CAs handle Domain Validation,
Organizational Validation, and Extended Validation certificates in the
vetting process.  Their FAQs refer to their certs being 'issued in
conformance with the extended validation guidelines defined by the
CA/Browser Forum', but I can't find any specifics.

 

Can someone provide any guidance on this matter?

 

Thanks for any feedback.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131021/55f67d7b/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Guidance-Deprecated-Internal-Names.pdf
Type: application/pdf
Size: 192566 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131021/55f67d7b/attachment-0002.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5453 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131021/55f67d7b/attachment.p7s>


More information about the Public mailing list