cas 配置https改为ip而不是使用域名

keytool -genkey -alias cas41key -keyalg RSA -keysize 1024 -keypass 123456 -storepass 123456  -dname "CN=10.1.4.41,OU=csoa,O=csoa,L=FZ,ST=FZ,C=CN" -ext san=ip:10.1.4.41   -validity 3600  -keystore /home/nloa/bak/cas41.keystore

If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead.

[...]

In some cases, the URI is specified as an IP address rather than a hostname. In this case, the iPAddress subjectAltName must be present in the certificate and must exactly match the IP in the URI.