IP Address in certificate SAN not recognized by Windows Server 2012 R2

Keven Lehmann

I have observed some behavior in Windows Server 2012 R2 and I need to have official confirmation that this scenario is not supported in Windows Server 2012 R2.

I have been attempting to connect to a syslog server via IP address using a certificate that has the IP address listed in the server certificate's Subject Alternative Names. Whenever I attempt to connect (via SslStream), the certificate validation reports a RemoteCertificateNameMismatch. If I use the name in the DNS.1 section of the certificate SAN it connects. I also discovered that if I put the IP address in the SAN as a DNS entry instead of an IP address entry, the connection will succeed. It only fails when the IP address is included in the certificate using IP.x. So, a cert created with the following SAN info will fail:

DNS.1 = test.example.com
IP.1 = 10.10.10.99

But the following SAN will succeed:

DNS.1 = test.example.com
DNS.2 = 10.10.10.99

A cert created using the first SAN entries above will work when connecting from Windows Server 2016 or Windows 10, but not Windows Server 2012 R2.

Is it known behavior that Windows Server 2012 R2 does not support IP address entries in a certificate Subject Alternative Name unless the IP address is entered as a DNS?
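
An added example, not part of the original post: it parses the two SAN sections quoted above and runs them through two name matchers, so the reported difference can be reproduced on paper. `match_typed` follows the RFC 2818 rule that an IP target must match an iPAddress entry; `match_dns_only` is an assumed model of the behaviour the poster observed on Windows Server 2012 R2, not the actual Windows implementation. All function names are hypothetical, and wildcard names are not handled.

```python
import ipaddress

# The two SAN sections quoted in the post.
SAN_WITH_IP_ENTRY = "DNS.1 = test.example.com\nIP.1 = 10.10.10.99"
SAN_WITH_IP_AS_DNS = "DNS.1 = test.example.com\nDNS.2 = 10.10.10.99"


def parse_san(section):
    """Parse OpenSSL-style alt_names lines into (type, value) pairs."""
    entries = []
    for line in section.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        kind = key.strip().split(".")[0].upper()
        if not sep or kind not in ("DNS", "IP"):
            raise ValueError("unsupported SAN line: %r" % line)
        entries.append((kind, value.strip()))
    return entries


def is_ip(target):
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def match_typed(entries, target):
    """RFC 2818 rule: IP targets match iPAddress entries, names match dNSName."""
    if is_ip(target):
        want = ipaddress.ip_address(target)
        return any(k == "IP" and ipaddress.ip_address(v) == want
                   for k, v in entries)
    return any(k == "DNS" and v.lower() == target.lower() for k, v in entries)


def match_dns_only(entries, target):
    """Assumed model of the reported behaviour: only dNSName strings compared."""
    return any(k == "DNS" and v.lower() == target.lower() for k, v in entries)


if __name__ == "__main__":
    for label, san in (("IP.1", SAN_WITH_IP_ENTRY), ("DNS.2", SAN_WITH_IP_AS_DNS)):
        e = parse_san(san)
        for target in ("test.example.com", "10.10.10.99"):
            print(label, target, "typed:", match_typed(e, target),
                  "dns-only:", match_dns_only(e, target))
```

Under these two models the workaround certificate (IP written as DNS.2) is accepted only by the DNS-only matcher, so a certificate meant to validate under both would carry the address in both entry types.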
