Mozilla Firefox classifies using a private IP address as the Common Name (CN) on a certificate as a "problematic practice" (https://wiki.mozilla.org/CA:Problematic_Practices#Certificates_referencing_hostnames_or_private_IP_addresses), and Google Chrome also displays an error when an IP address is used as a CN. The result of using a private IP address as a CN is when a user attempts to browse the website, the user receives an error.
- The error from Chrome is "NET:ERR_CERT_COMMON_NAME_INVALID"
- The error from Firefox is "(Error code: sec_error_unknown_issuer)"
The recommended configuration is to use an FQDN as the CN, and specify the IP address as a SAN.
Comments