SecureNT Intranet SSL

SSL/TLS Certificates for Internal Networks.


Those might have popped-up in your mind.

How to generate correct CSR when IP address is in CN or SAN ?

When an internal/external IP Address is part of Common Name (CN) or Subject Alternative Name (SAN) care needs to be taken while generating the CSR.

If not done correctly then the latest browsers like Chrome and Edge give an error – “Your connection to this site is not secure.” Note that deprecated Microsoft Internet Explorer does not give any error in this case.


To avoid this problem please ensure that the IP address is mentioned in the SAN extension as DNS Name and IP Address.

A sample configuration file is shown below for Multi-domain Certificate with 1+3 SAN values, where CN has IP-Address-1 and SAN values are IP-Address-2, SAN-1, and SAN-2.

prompt = no
distinguished_name = dn
req_extensions = ext

CN = IP-Address-1
O = Org Name
L = Location/City
ST = State/Province
C = 2 digit code

subjectAltName = @alt_names

IP.1 = IP-Address-1
IP.2 = IP-Address-2
DNS.1 = IP-Address-1
DNS.2 = IP-Address-2
DNS.3 = SAN-1
DNS.4 = SAN-2

No Comments Yet.

Copyright © 2025 Secure Network Traffic. All rights reserved. SecureNT is a registered trademark of Secure Network Traffic.