Define IP address inside multi-domain SSL certificate.
I will use a self-signed certificate as it is enough to show how it works.
Describe certificate. Use DNS option to define a DNS name and IP option do define an IP address.
$ cat <<EOF | tee certificate.cfg [ req ] req_extensions = req_ext distinguished_name = req_distinguished_name prompt = no [req_distinguished_name] commonName=example.org [req_ext] subjectAltName = @alt_names [alt_names] DNS.1 = example.org DNS.2 = *.example.org IP.1 = 10.0.0.10 IP.2 = 10.0.0.11 EOF
Generate certificate.
$ openssl req -x509 -config certificate.cfg -extensions req_ext -nodes -days 360 -newkey rsa:2048 -sha256 -keyout certificate.key -out certificate.crt
Generating a RSA private key ...................................................+++++ ...................................................+++++ writing new private key to 'certificate.key' -----
Display certificate.
$ openssl x509 -in certificate.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
56:a8:ae:1f:c2:3f:24:51:71:f6:31:f3:62:cb:4f:5c:21:4f:39:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = example.org
Validity
Not Before: Feb 24 23:11:50 2021 GMT
Not After : Feb 19 23:11:50 2022 GMT
Subject: CN = example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:f6:81:8b:de:d5:d7:bc:46:e5:8a:65:53:bd:
69:8d:84:32:f2:89:56:18:fa:ed:bc:c7:f1:0f:32:
cb:d2:5a:4d:7d:08:fb:15:03:17:ba:be:1b:03:5a:
5d:bc:6a:db:a9:c2:9c:2d:e6:23:4b:38:cf:1d:c6:
8d:dc:f6:d6:74:4c:bc:d1:fd:c9:da:15:5b:26:a4:
04:0c:07:58:5c:19:00:f1:e5:04:d2:01:de:c7:7f:
da:e1:6b:1a:8d:5a:e9:d0:86:43:e2:83:5b:7d:d8:
f8:bf:b6:2b:e4:a5:2a:b8:e1:c4:3a:5c:78:5b:2a:
bb:8c:87:8b:43:07:f2:a8:fb:ed:7b:05:9f:ef:85:
00:9f:a4:b1:b1:9e:c5:bc:6d:ea:3a:f4:6f:84:a8:
f5:fb:1c:1b:93:32:9a:e1:b8:21:bf:8d:2b:dc:69:
73:76:dc:85:75:61:ce:d9:b3:97:0e:63:07:e1:cd:
1a:1e:b6:9e:cd:e6:5d:d7:88:a3:98:bf:f2:cf:53:
ed:e4:46:a1:c9:6a:b5:26:05:66:b8:0b:c1:75:d4:
13:e9:97:f9:1d:4a:05:1f:bd:fb:db:21:9f:52:72:
31:7b:cb:fe:63:1f:62:93:87:9c:43:77:07:ab:aa:
d2:8e:03:44:37:0b:d2:5e:26:11:53:d4:1b:9d:5b:
82:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:example.org, DNS:*.example.org, IP Address:10.0.0.10, IP Address:10.0.0.11
Signature Algorithm: sha256WithRSAEncryption
b7:66:a4:2b:27:e6:db:85:08:87:47:9e:8f:85:56:d9:da:7d:
f0:1d:fe:8e:8f:d3:78:f8:62:17:3f:b3:1f:a1:e2:61:18:a8:
90:90:90:be:e2:e8:d4:66:a5:bd:83:d3:0f:e8:53:cd:6c:37:
76:24:94:ce:b2:e1:d9:c1:05:42:80:4e:2b:58:32:40:71:84:
e3:d9:02:a3:1f:b6:6d:f7:f1:ee:7f:2d:a9:8b:36:da:04:28:
a5:1c:75:1f:04:db:4d:b2:f1:31:70:28:7f:e7:c0:e7:0d:af:
6f:29:5c:04:8c:9d:e6:8f:20:67:d9:41:98:f5:4a:f1:a6:6a:
4d:90:4f:60:13:b5:67:27:0b:0a:e7:5e:65:c2:de:0e:b5:23:
ae:67:29:57:98:c5:4f:12:00:6a:ce:bb:f7:5c:d4:5b:84:82:
b5:31:92:8f:d6:17:05:40:db:ec:7e:2d:0e:28:37:6e:57:41:
40:db:82:37:3e:26:63:d2:a5:72:8a:59:12:1e:cf:18:43:ac:
c5:e6:c6:b9:11:23:7a:05:bf:5c:8e:a3:de:64:b9:b2:0e:7c:
36:1c:c4:6f:74:51:2f:ed:b3:20:b4:4e:42:94:29:46:3f:a7:
e4:73:f9:ab:82:2d:a5:8a:32:37:31:0c:01:3d:e4:50:04:48:
9f:27:69:21
