I'm working on a project where I have to use self-signed SSL certificates with SAN defined.
Using common name only does not work, because the client requires SAN too, else it throws an error. However, the IPs are not fixed or predefined for deployment, so there's no way to know the IPs prior to deployment.
Is there any tricky way where the SAN is specified, still the certificate works across multiple IPs?
I have not tried any solution yet.
One can give multiple IP addresses as SAN. But one cannot use wildcards in IP addresses, only with domains. Depending on the exact use case it might be possible to use a domain name instead which gets mapped to different IP addresses. In this case the SAN contains only the domain name.