IP Addresses in Certificates
IP addresses must not be included in the certificate for the Password Secure Application Server.
Although technically possible, modern systems are increasingly rejecting certificates that contain IP addresses.
Reason
Volatility of IPs: IP addresses are subject to change (e.g., through DHCP leases, load balancers, or network reconfiguration).
Reliability of Hostnames: Certificates are designed to validate hostnames (DNS entries), which are consistent and resolvable identifiers.
Therefore, only DNS names are considered valid entries in certificates.
Valid Certificate Configuration
Common Name (CN)
server-passwordsecure.myorg.internSubject Alternative Name (SAN)
The SAN extension must include at least the following:
DNS: server-passwordsecure.myorg.intern
(mandatory – the first SAN entry must be identical to the CN)
Optional additional SAN entries may be included, for example:
DNS: server-passwordsecureDNS: passwordsecure…