Skip to Content.
Sympa Menu

cacert-sysadm - Re: certificate for an IP address

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

List archive

Re: certificate for an IP address


Chronological Thread 
  • From: Ian G <iang AT cacert.org>
  • To: cacert-sysadm AT lists.cacert.org
  • Subject: Re: certificate for an IP address
  • Date: Sun, 04 Oct 2009 21:35:10 +0200
  • Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none

On 02/10/2009 08:13, Christopher Hoth [CAcert.org] wrote:
Hi Ian,

it works (tested a few minutes ago). I´ll send you the address via
seperate mail.


Aha, thanks Christopher. That is a server cert with an external IP# in. Some more questions, for the CPS:

What checks were offered to you to get the "name" added to the system?

(I noted Rafael's email, thanks, did the IP# need to be entered as [00.0.0.0] with square brackets?)

What happens if you try for a domain 10.0.0.1 ?

Can it be done for a client cert?

Here's where I'm going with this: The CPS says none of this, as far as I can see. It is also a hot issue over at Mozilla and other places. So the very first step is to figure out whether we do something like that. Complete.
Second step is to document what and how.  Questions above.
Third step is to propose this to policy group as an addition to the CPS. As the CPS is in DRAFT we can't just shove it in, so we have to do it properly.

Luckily there is no auditor present. If this happened when the auditor was here, it would be an audit failed. You don't say what you do and you don't do what you say!

Thanks for the help so far, luckily we have a breathing space to nail this one down!

iang

Regards,
Christopher

-------- Original Message  --------
Subject: certificate for an IP address
From: Ian 
G<iang AT cacert.org>
To: CAcert System 
Administrators<cacert-sysadm AT lists.cacert.org>
Date: Fri Oct 02 2009 07:45:37 GMT+0200 (CEST)

Does anyone have an IP address allocated to themselves?  Can they try to
get a certificate with an IP# in it instead of a domain name?  I am told
that it is just a matter of entering the IP# into the place where you
would normally try and add a domain name, when getting the cert.

If this works, we would likely have to update the CPS, with reference to
names.

iang





Archive powered by MHonArc 2.6.16.

Top of Page