
I considered that, but I think at the moment there's no concept of IP address for web certificates, it's all based on domain names as far as I know.

It doesn't mean it's not doable of course, but I could understand if it makes people uneasy since it means that the same domain and the same certificate would behave differently depending on what it resolves to.

It may be an interesting solution to consider though. That would definitely make my life easier.




> there's no concept of IP address for web certificates, it's all based on domain names as far as I know

Regardless of whether you can or can't issue a certificate with a CN of an IP address, the browser doesn't receive the certificate in isolation, it receives it from an IP address, and can handle certificate validation differently depending on what it's connected to.

This may be a terrible idea for reasons I haven't considered (it probably is), but I can't think of any offhand myself right now.

EDIT: this is probably terrible because someone can just stick a MITM proxy on your LAN, and poison your DNS to resolve google.com to an RFC1918 address and boom.


You absolutely can get a certificate for an IP address. Clients should verify them based on the common name, and a subject alternative name has various field types including IP address.

A quick Google search shows various certificate authorities who will issue certificates for IP addresses.
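
Added illustration, not part of the thread: a sketch of how a client can match the address it connected to against a certificate's subject alternative names, where an IP target is checked only against IP-address entries. It assumes the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the sample certificate is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample, in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "router.example"),),),
    "subjectAltName": (
        ("DNS", "router.example"),
        ("DNS", "*.lan.example"),
        ("IP Address", "192.168.1.1"),
        ("IP Address", "2001:db8::1"),
    ),
}


def _dns_match(pattern, host):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]


def _same_ip(value, ip):
    """Compare parsed addresses so differently written IPv6 forms still match."""
    try:
        return ipaddress.ip_address(value) == ip
    except ValueError:
        return False


def cert_matches(cert, target):
    """True if `target` (hostname or IP literal) is covered by the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target matches only "IP Address" entries, never a DNS entry
        # that happens to contain the same digits.
        return any(k == "IP Address" and _same_ip(v, ip) for k, v in sans)
    return any(k == "DNS" and _dns_match(v, target) for k, v in sans)


if __name__ == "__main__":
    for t in ("192.168.1.1", "192.168.1.2", "nas.lan.example", "a.b.lan.example"):
        print(t, cert_matches(SAMPLE_CERT, t))
```
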




