
Certificate CN Referencing Hostnames or Private IP Addresses

Mozilla Firefox classifies the use of a private IP address as the Common Name (CN) on a certificate as a "problematic practice" (https://wiki.mozilla.org/CA:Problematic_Practices#Certificates_referencing_hostnames_or_private_IP_addresses), and Google Chrome also displays an error when an IP address is used as a CN. As a result, a user who browses to a website whose certificate uses a private IP address as the CN receives an error:

  • The error from Chrome is "NET::ERR_CERT_COMMON_NAME_INVALID"

  • The error from Firefox is "(Error code: sec_error_unknown_issuer)"

The recommended configuration is to use an FQDN as the CN, and specify the IP address as a SAN. 
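The following check is an added example, not part of the original article: it audits the names in a certificate against the recommended layout above. It assumes the certificate has already been decoded into the dictionary format returned by Python's `ssl.SSLSocket.getpeercert()`; the function name `audit_cert_names`, the `service_ip` parameter and the sample certificates are constructed for illustration.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def audit_cert_names(cert, service_ip=None):
    """Audit a certificate dict in the format of ssl.SSLSocket.getpeercert().

    Returns a list of finding strings; an empty list means the names follow
    the recommended layout (FQDN as CN, IP address as a SAN).
    """
    findings = []
    # subject is a tuple of RDNs, each a tuple of (attribute, value) pairs.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = cert.get("subjectAltName", ())
    san_ips = {_as_ip(v) for k, v in sans if k == "IP Address"} - {None}

    if not cns:
        findings.append("certificate has no CN")
    for cn in cns:
        ip = _as_ip(cn)
        if ip is not None:
            kind = "a private IP address" if ip.is_private else "an IP address"
            findings.append(f"CN is {kind}: {cn}")
        elif "." not in cn.strip("."):
            findings.append(f"CN is a bare hostname, not an FQDN: {cn}")
    # The IP the service is reached on should be listed as an IP SAN.
    if service_ip is not None and _as_ip(service_ip) not in san_ips:
        findings.append(f"service IP {service_ip} is missing from the IP SANs")
    return findings

# Constructed sample certificates (not taken from any real deployment).
BAD = {"subject": ((("commonName", "192.168.10.5"),),), "subjectAltName": ()}
GOOD = {
    "subject": ((("commonName", "intranet.example.com"),),),
    "subjectAltName": (("DNS", "intranet.example.com"), ("IP Address", "192.168.10.5")),
}

if __name__ == "__main__":
    for label, cert in (("bad", BAD), ("good", GOOD)):
        print(label, audit_cert_names(cert, service_ip="192.168.10.5") or "OK")
```
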

 
