Can a self-signed certificate use an IP address for an entry in Subject Alternative Name

Tags: certificate, network, ssl

From https://support.apple.com/en-us/HT210176

TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName of a certificate are no longer trusted.

According to these new requirements, should I be able to use an IP address in the SAN field? I read an answer that stated or implied that it was possible, but I cannot make it work. Obviously I realise that an IP isn't a DNS name, but… well I can hope.

I can work around the limitation by setting up mDNS (e.g. Bonjour) and using host.local-style names (which does work), but this is not ideal for my situation.

Best Answer

Yes, according to the standard (RFC 5280 page 37) you can use an IP address in the SAN (SubjectAltName) field!

The standard defines a number of possibilities for specifying the SAN, including iPAddress, dNSName, and various others.

The most obvious option is to use iPAddress, where the IP address is stored as an octet string. You can also write the IP address in the dNSName field, which is a common string (IA5String to be precise).

In practice, you want to do both at the same time, as software support varies. For example, it seems that Microsoft software in particular (like the Internet Explorer and Edge browsers) looks at the dNSName and interprets IP addresses there, whereas browsers like Safari and Chrome look at the iPAddress field.
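The "do both" advice above, as an added example that is not part of the original answer: a small POSIX shell script that issues a self-signed certificate whose SAN lists the same address once as an iPAddress entry (`IP:`) and once as a dNSName entry (`DNS:`), then decodes the extension so you can confirm both are present. It assumes OpenSSL 1.1.1 or later (for `-addext` and `-ext`), and 192.0.2.10 is a constructed documentation address, not a real host.

```shell
#!/bin/sh
# Added example, not code from the original answer: issue a self-signed
# certificate whose SAN carries the same IP address both as an iPAddress
# entry and as a dNSName entry, as the answer recommends, then inspect it.
# 192.0.2.10 is a constructed documentation address, not a real host.
# Assumes OpenSSL 1.1.1 or later (for -addext and -ext).
set -eu

# Generate key + cert for $1 (an IP address), writing $2.key and $2.crt.
# "IP:" becomes an iPAddress SAN entry (octet string), "DNS:" a dNSName
# entry (IA5String) holding the same address as text.
make_san_cert() {
  ip="$1"
  out="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$out.key" -out "$out.crt" \
    -subj "/CN=$ip" \
    -addext "subjectAltName=IP:$ip,DNS:$ip" 2>/dev/null
}

# Print the decoded SAN extension of the certificate in $1.
show_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName
}

# Succeed only if the SAN of $1 contains $2 as an iPAddress entry.
san_has_ip() {
  show_san "$1" | grep -q "IP Address:$2"
}

# Succeed only if the SAN of $1 contains $2 as a dNSName entry.
san_has_dns() {
  show_san "$1" | grep -q "DNS:$2"
}

# Usage: sh san_ip.sh [ip]; defaults to the constructed documentation address.
main() {
  ip="${1:-192.0.2.10}"
  dir=$(mktemp -d)
  make_san_cert "$ip" "$dir/server"
  show_san "$dir/server.crt"
  rm -rf "$dir"
}

main "$@"
```

The decoded extension should read `IP Address:192.0.2.10, DNS:192.0.2.10`; a certificate that only shows one of the two will be rejected by whichever client family only checks the other entry type.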