Hello everybody,
I would like to access a https server using the IP in the URL string with my browser without having the certificate warning.
Right now, I have my CA certificate imported into my browser and the server private key and certificate placed into the https server.
The cn field equals the fqdn: myserver.example.com
When I access myserver.example.com with my broswer everything just works fine.
=
I read that I should use subjectAltName if I wanted to access this server with the IP 1.1.1.1
So I modified the openssl.cnf
I regenerated my server certificate and signed it with the CA.
Code:
# openssl x509 -in servercert.crt -noout -text
shows
Code:
Subject: C=FR, ST=IDF, L=Paris, O=MyOrg, OU=MyDpt, CN=myserver.example.com/subjectAltName=1.1.1.1/emailAddress=email@example.com
And after installing the certificate I can retrieve it with
Code:
#openssl s_client -connect 1.1.1.1:443 -state -debug
it shows
Code:
subject=/C=FR/ST=IDF/L=Paris/O=MyOrg/OU=MyDpt/CN=myserver.example.com/subjectAltName=1.1.1.1/emailAddress=email@example.com
and also tried with IP:1.1.1.1
Code:
#openssl s_client -connect 1.1.1.1:443 -state -debug
which shows
Code:
subject=/C=FR/ST=IDF/L=Paris/O=MyOrg/OU=MyDpt/CN=myserver.example.com/subjectAltName=IP:1.1.1.1/emailAddress=email@example.com
So I think it did everything right however my browser sends me the certificate warning when I access the server with 1.1.1.1 in the URL but doesn't display a warning if I access it with the FQDN (myserver.example.com)
Does someone have an idea on how to troubleshoot this ?