There's an HP MFD LJ M880 It has a SSL certificate onboard that is issued not for its hostname but rather to a generic "HP Jetdirect" common name. I believe it prevents me from having a secure communication with the device as IE 11 always shows me the "your connection is not private" warning no matter how many times I import the certificate into TrustedRootAuthority storage of the Windows host I'm trying to establish a secure connection to the MFD Would some please clarify whether I'm right on thinking that CN must contains the hostname of the MFD?
I'm right on thinking that CN must contains the hostname of the MFD ...
For HTTPS the subject information in the certificate need to match the hostname from the URL. This hostname is usually not expected in the CN but instead in the Subject Alternative Names (SAN) section of the certificate. While some browsers still accept the name in the CN major browsers like Chrome don't even look at the CN but only will look at the SAN.
Explicitly importing a certificate as trusted will still have this requirement. Explicitly adding an exception for this specific site instead will associate the certificate with the hostname and thus not warn anymore. If the same certificate is accessed with a different hostname it will complain again.