Hi, > Ha - the truncation of the IPv6 address is apparently an error in the ui. If > I > decode the certificate on the cli it shows: > > X509v3 Subject Alternative Name: > DNS:marvin.xxxx.lab, IP Address:2001:55C:5574:100:0:0:0:200, > IP Address:10.0.0.200 > > so the only thing that's open is the policy violation (and ui fix) ;-)
Well spotted. Could you raise an issue describing the problem on the Github tracker please? However, I would like to suggest not to use IP addresses in certificates. In my experience there is very little benefit to do so if it is possible to use FQDNs as SANs. My recommendation is to only use DNS name SANs (and always FQDNs) and not to use IPs at all. Cheers Martin ------------------------------------------------------------------------------ _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
