cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
589
Views
2
Helpful
2
Replies

Expressway Web Page Insecure

Hello, guys.

A question about Expressway Administration Web Page.

We have an Expressway with a server certificate signed by a CA.

If we put the FQDN of this Expressway in the browser, ok, the connection is secure. If we put the IP ADDRESS of this Expressway in the browser it´s shows connection insecure and we need to accept the exception to go ahead.

I know that it is because the IP ADDRESS isn´t int the common name in the certificate.

There is some way to secure this access using IP ADDRESS or we need always to use the FQDN ?

 

2 Accepted Solutions

Accepted Solutions

You need to use the FQDN to not have the warning about the certificate not being valid. Either way the communication as such is secure, it’s “just” the browser warning about not being able to verify the identity of the entity.



Response Signature


View solution in original post

That is the expected behavior. When you use the IP address on the web, the PC expects the certificate presented by the server to have the same IP address details.

Adding IP address to the certificate is insecure, so only the FQDN's are included on the certs.

You need to use FQDN to avoid this issue, as @Roger Kallberg replied on this post. Or you can add the IP address to the cert, but that is not secure.



Response Signature


View solution in original post

2 Replies 2

You need to use the FQDN to not have the warning about the certificate not being valid. Either way the communication as such is secure, it’s “just” the browser warning about not being able to verify the identity of the entity.



Response Signature


That is the expected behavior. When you use the IP address on the web, the PC expects the certificate presented by the server to have the same IP address details.

Adding IP address to the certificate is insecure, so only the FQDN's are included on the certs.

You need to use FQDN to avoid this issue, as @Roger Kallberg replied on this post. Or you can add the IP address to the cert, but that is not secure.



Response Signature