[cabfpub] Encoding IP addresses in the SAN

Gervase Markham gerv at mozilla.org
Wed Aug 12 11:17:53 UTC 2015

On 12/08/15 11:46, Doug Beattie wrote:
> As a CA we “try” to follow the rules for encoding data in SANs, but
> apparently some browsers do not process IP addresses when they are
> encoded as iPAddress – they need the IP address to be in the dNSName
> field.  This means we need to put the same IP address in the certificate
> twice as a work around
> Have other CAs found this to be true?
> Will the browsers (at least MS and Google) eventually update their logic
> to process SAN types of iPAddress?

https://bugzilla.mozilla.org/show_bug.cgi?id=1148766 is a related bug on
the Mozilla side, where the suggestion is that we loosen up our checking
so that a cert with both forms will still work.


More information about the Public mailing list