Hi Martin,

On Freitag, 16. September 2016 16:38:55 CEST Martin Bartosch wrote:
> > so the only thing that's open is the policy violation  (and ui fix) ;-)
> Well spotted. Could you raise an issue describing the problem on the Github
> tracker please?

Yep, I'll open an issue (probably not before next week...).

> However, I would like to suggest not to use IP addresses in certificates. In
> my experience there is very little benefit to do so if it is possible to
> use FQDNs as SANs.
> My recommendation is to only use DNS name SANs (and always FQDNs) and not to
> use IPs at all.

I totally agree with you, but if our company security policy demands for ipv4/
ipv6 addresses in SAN, I have to find a way to solve that problem.

The question for me is, how can I further troubleshoot - no other option than 
code reading? Or do you have any hint, on where the policy violation might 



OpenXPKI-users mailing list

Reply via email to