[cabfpub] Encoding IP addresses in the SAN

Doug Beattie doug.beattie at globalsign.com
Wed Aug 12 03:46:56 MST 2015


As a CA we "try" to follow the rules for encoding data in SANs, but apparently some browsers do not process IP addresses when they are encoded as iPAddress - they need the IP address to be in the dNSName field.  This means we need to put the same IP address in the certificate twice as a workaround.

Have other CAs found this to be true?

Will the browsers (at least MS and Google) eventually update their logic to process SAN types of iPAddress?

Maybe these references are out of date and all new versions support IP addresses correctly now; I'm not sure:
http://www.michaelm.info/blog/?p=1281
https://connect.microsoft.com/IE/feedback/details/814744/the-ie-doesnt-trust-a-san-certificate-when-connecting-to-ip-address
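
The two encodings discussed in this message, as an added example that is not part of the original post: a small Python lint that parses a DER-encoded subjectAltName value and reports dNSName entries that hold IP address literals, noting whether the same address also appears as iPAddress. The function names, the short-form-only DER handling and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# GeneralName context tags from RFC 5280: dNSName [2], iPAddress [7].
DNS_NAME, IP_ADDRESS, SEQUENCE = 0x82, 0x87, 0x30

def _tlv(tag, value):
    # Short-form DER lengths only (< 128 bytes), enough for this sample.
    if len(value) >= 128:
        raise ValueError("long-form length not supported here")
    return bytes([tag, len(value)]) + value

def build_san(dns_names=(), ip_addrs=()):
    """Encode a subjectAltName value (GeneralNames) as DER."""
    names = [_tlv(DNS_NAME, n.encode("ascii")) for n in dns_names]
    names += [_tlv(IP_ADDRESS, ipaddress.ip_address(a).packed) for a in ip_addrs]
    return _tlv(SEQUENCE, b"".join(names))

def parse_san(der):
    """Return [(kind, value)] for the dNSName and iPAddress entries."""
    if len(der) < 2 or der[0] != SEQUENCE or der[1] >= 128 or der[1] != len(der) - 2:
        raise ValueError("expected one short-form SEQUENCE")
    entries, i = [], 2
    while i < len(der):
        if i + 2 > len(der) or der[i + 1] >= 128 or i + 2 + der[i + 1] > len(der):
            raise ValueError("truncated or long-form entry")
        tag, value = der[i], der[i + 2:i + 2 + der[i + 1]]
        if tag == DNS_NAME:
            entries.append(("dNSName", value.decode("ascii")))
        elif tag == IP_ADDRESS:
            if len(value) not in (4, 16):
                raise ValueError("iPAddress must be 4 or 16 octets")
            entries.append(("iPAddress", str(ipaddress.ip_address(value))))
        i += 2 + len(value)
    return entries

def lint_san(der):
    """Report dNSName entries whose content is an IP address literal."""
    entries = parse_san(der)
    typed = {v for kind, v in entries if kind == "iPAddress"}
    findings = []
    for v in [v for kind, v in entries if kind == "dNSName"]:
        try:
            ip = str(ipaddress.ip_address(v))
        except ValueError:
            continue  # an ordinary host name
        findings.append((v, "also in iPAddress" if ip in typed else "dNSName only"))
    return findings

# Constructed sample: the same IP address placed in both fields.
SAMPLE = build_san(["www.example.com", "192.0.2.10"], ["192.0.2.10"])
```
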
