> Ha - the truncation of the IPv6 address is apparently an error in the ui. If 
> I 
> decode the certificate on the cli it shows:
>            X509v3 Subject Alternative Name:
>                DNS:marvin.xxxx.lab, IP Address:2001:55C:5574:100:0:0:0:200, 
> IP Address:
> so the only thing that's open is the policy violation  (and ui fix) ;-)

Well spotted. Could you raise an issue describing the problem on the Github 
tracker please?

However, I would like to suggest not to use IP addresses in certificates. In my 
experience there is very little benefit to do so if it is possible to use FQDNs 
as SANs.

My recommendation is to only use DNS name SANs (and always FQDNs) and not to 
use IPs at all.



OpenXPKI-users mailing list

Reply via email to