3.4. IPv4 and IPv6 Addresses

Certificate System supports both IPv4 addresses and IPv6 addresses. In a very wide variety of circumstances, Certificate System subsystems or operations reference a host name or IP address; supporting both IPv4- and IPv6-style addresses ensures forward compatibility with network protocols. The operations that support IPv6 connections include the following:
  • Communications between subsystems, including between the TPS, TKS, and CA and for joining security domains
  • Token operations between the TPS and the Enterprise Security Client
  • Subsystem logging
  • Access control instructions
  • Operations performed with Certificate System tools, including the pki utility, the Subject Alt Name Extension tool, HttpClient, and the Bulk Issuance Tool
  • Client communications, including both the pkiconsole utility and IPv6-enabled browsers for web services
  • Certificate request names and certificate subject names, including user, server, and router certificates
  • Publishing
  • Connecting to LDAP databases for internal databases and authentication directories
Any time a host name or URL is referenced, an IP address can be used:
  • An IPv4 address must be in the format n.n.n.n or n.n.n.n,m.m.m.m. For example, or,
  • An IPv6 address uses a 128-bit namespace, with the IPv6 address separated by colons and the netmask separated by periods. For example, 0:0:0:0:0:0:, FF01::43, or 0:0:0:0:0:0:,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:
If DNS is properly configured, then an IPv4 or IPv6 address can be used to connect to the web services pages and to the subsystem Java consoles. The most common method is to use fully-qualified domain names:
pkiconsole https://ipv6host.example.com:8443/ca
To use IPv6 numeric addresses, replace the fully-qualified domain name in the URL with the IPv6 address, enclosed in brackets ([]). For example:
pkiconsole https://[00:00:00:00:123:456:789:00:]:8443/ca