[cabfpub] IP addresses in SANs
gerv at mozilla.org
Tue Aug 18 15:13:11 UTC 2015
https://bugzilla.mozilla.org/show_bug.cgi?id=1148766 is Mozilla's
investigation of certs using IP addresses in SANs.
Our engineer says that as long as you do the proper SANs first and the
ones with IP addresses encoded as DNS names last, then it should work
everywhere, presumably as Firefox will find the good ones (which match)
and accept them, and software which doesn't understand them will skip
over them and use the broken ones.
Please let us know if your testing says something different.
More information about the Public