0

I have read answers to similar questions, but this one seems a little different. The requirement of certificate here is to accommodate different types of access to server: using IP address directly and using domain name.

In such case, should I put domain name in "CN" and IP address in "SAN", will that work?

Also, how will this work under DHCP, assuming domain name remains unchanged.

Thanks for your clarification.

user180574
  • 5,681
  • 13
  • 53
  • 94

1 Answers1

1

As far as I remember, you should put the IP address as one of the Subject Alternative Names (SANs). If the browser can't find the IP Address in the SANs, I don't think it is required to check the CN. You should put the Fully Qualified Domain Name (FQDN) in both the CN and the SANs.

PhilR
  • 919
  • 5
  • 4
  • In principle, when an IP address is used, the browser should only check the SAN, not the CN, although some browsers do it anyway. (See [this question](http://stackoverflow.com/a/8444863/372643).) – Bruno Dec 05 '13 at 21:31