Я прочитал RFC 2818 ранее, но, должно быть, пропустил эту часть.
In some cases, the URI is specified as an IP address rather than a
hostname. In this case, the iPAddress subjectAltName must be present
in the certificate and must exactly match the IP in the URI.