Intel® Business Client Software Development
Support for Intel® vPro™ software development and the technologies associated with Intel vPro platforms.

Does the CN of a certificate always have to be the FQDN?

theperfectwave
Beginner

We did several tests with TLS secured connections to AMT computers. We always used certificates whose CNs (common names) contained the FQDNs of the AMT computers.

When using the AMT computers' FQDNs as the CNs of the certificates, all the tests worked fine.

__________________________________________________________________

Now the question is: can the IP addresses or just the simple computer names (not the full FQDNs) also be used for the CNs? We tried to use certificates whose CNs were set to the IP addresses or the simple computer names. Those tests failed.

But why:

* Did we make a mistake in those tests?

* Or is it just impossible to use the IP addresses or simple computer names for the CNs? --> Are the FQDNs always required?

Andrew_S_Intel2
Employee
It is possible (although not recommended) to use TLS with IP addresses. Mainly it's not recommended because the IP addresses are more likely to change than the FQDN, with the exception of static IP configuration, and it's more of a maintenance burden even if the systems are using static IPs.

However, depending on the client library you're using to build the WS-Man requests, it's possible that the WS-Man request that is getting built is explicitly requiring that the certificate is being checked against the host name. What are you using to perform this request?
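The host name check mentioned in the reply, sketched as an added example (not code from this thread or from Intel's tooling): a simplified model of the RFC 2818 name-matching rules, showing which combinations of certificate name and connection target a strict client accepts. The host `amt01.corp.example`, the address `192.0.2.10` and the certificate dict layout are constructed for illustration; real client libraries differ in how strictly they apply these rules.

```python
import ipaddress

def dns_match(host, pattern):
    """Case-insensitive DNS name comparison; '*' covers one left-most label only."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def name_matches(target, cert):
    """True if `target` (the host part of the URL the client connects to) is
    named by `cert`, a constructed dict with keys cn, san_dns, san_ip."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # IP target: only iPAddress SAN entries count; an IP typed into the CN does not.
        return any(ip == ipaddress.ip_address(s) for s in cert.get("san_ip", []))
    # DNS target: dNSName SANs win; the CN is consulted only when there are none.
    names = cert.get("san_dns") or [cert["cn"]]
    return any(dns_match(target, n) for n in names)

# Constructed sample data (hypothetical host amt01.corp.example at 192.0.2.10).
CERTS = {
    "cn=fqdn": {"cn": "amt01.corp.example"},
    "cn=short name": {"cn": "amt01"},
    "cn=ip": {"cn": "192.0.2.10"},
    "cn=fqdn + ip san": {"cn": "amt01.corp.example",
                         "san_dns": ["amt01.corp.example"],
                         "san_ip": ["192.0.2.10"]},
}
TARGETS = ["amt01.corp.example", "amt01", "192.0.2.10"]

def matrix():
    """Map (certificate label, target) -> match result for every combination."""
    return {(label, t): name_matches(t, c) for label, c in CERTS.items() for t in TARGETS}

if __name__ == "__main__":
    for (label, target), ok in matrix().items():
        print(f"{label:18} {target:20} {'match' if ok else 'MISMATCH'}")
```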