SecureNT Intranet SSL

SSL/TLS Certificates for Internal Networks.

How to generate correct CSR when IP address is in CN or SAN ?

When an internal/external IP Address is part of Common Name (CN) or Subject Alternative Name (SAN) care needs to be taken while generating the CSR.

If not done correctly then the latest browsers like Chrome and Edge give an error – “Your connection to this site is not secure.” Note that deprecated Microsoft Internet Explorer does not give any error in this case.

Chrome Error when IP Address SAN value is not correct

To avoid this problem please ensure that the IP address is mentioned in the SAN extension as DNS Name and IP Address.

A sample configuration file is shown below for Multi-domain Certificate with 1+3 SAN values, where CN has IP-Address-1 and SAN values are IP-Address-2, SAN-1, and SAN-2.

[req]
prompt = no
distinguished_name = dn
req_extensions = ext

[dn]
CN = IP-Address-1
O = Org Name
L = Location/City
ST = State/Province
C = 2 digit code

[ext]
subjectAltName = @alt_names

[alt_names]
IP.1 = IP-Address-1
IP.2 = IP-Address-2
DNS.1 = IP-Address-1
DNS.2 = IP-Address-2
DNS.3 = SAN-1
DNS.4 = SAN-2
Tagged In
Common Name CSR Generate IP Address SAN

No Comments Yet.

SecureNT Intranet SSL

SSL/TLS Certificates for Internal Networks.

Copyright © 2024 Secure Network Traffic. All rights reserved. SecureNT is a registered trademark of Secure Network Traffic.

SecureNT
attach_money Price Calculator shopping_bag Buy Now experiment Try for Free
install_desktop Installation help FAQs description Support Request
info About SecureNT call Contact Us storefront Resellers
edit_note SecureNT Blog