Confirmed users, Administrators
5,526
edits
CA/Forbidden or Problematic Practices: Difference between revisions
Jump to navigation
Jump to search
CA/Forbidden or Problematic Practices (view source)
Revision as of 22:39, 5 March 2010
, 5 March 2010→Certificates referencing hostnames or private IP addresses
| Line 44: | Line 44: | ||
It is also a problematic practice to issue a certificate with non resolvable DNS or private IP and resolvable DNS adresses together. | It is also a problematic practice to issue a certificate with non resolvable DNS or private IP and resolvable DNS adresses together. | ||
It is not standards compliant for printable ASCII representations of IP addresses to be placed in any certificate field that is intended to hold DNS names, including the subject common name and the DNSName field of the Subject Alternative Names extension. There is a place in a certificate specifically intended to be where IP (v4 or v6) addresses may be placed. It is in the Subject Alternative Names extension. The SubjectAltNames extension has places for both additional DNS names and for IP addresses. The place for IP addresses takes them in binary form, not in printable ASCII (e.g. dotted decimal) form. | |||
=== Issuing SSL Certificates for Internal Domains === | === Issuing SSL Certificates for Internal Domains === | ||