Merge pull request #231064 from jlian/patch-89

Add IP address SAN config

Author: prmerger-automator[bot]

articles/iot-edge/tutorial-configure-est-server.md

@@ -3,7 +3,7 @@ title: Tutorial - Configure Enrollment over Secure Transport Server (EST) for Az
 description: This tutorial shows you how to set up an Enrollment over Secure Transport (EST) server for Azure IoT Edge.
 author: PatAltimore
 ms.author: patricka
-ms.date: 01/05/2023
+ms.date: 03/16/2023
 ms.topic: tutorial
 ms.service: iot-edge
 services: iot-edge
@@ -81,10 +81,12 @@ The Dockerfile uses Ubuntu 18.04, a [Cisco library called `libest`](https://gith
     # Setting the root CA expiration to 20 years
     RUN sed -i "s|-days 365|-days 7300 |g" ./createCA.sh
 
-    ## If you want to host your EST server in the cloud (for example, an Azure Container Instance),
-    ## change myestserver.westus.azurecontainer.io to the fully qualified DNS name of your EST server 
-    ## and uncomment the next line.
-    # RUN sed -i "s|ip6-localhost|myestserver.westus.azurecontainer.io |g" ./ext.cnf
+    ## If you want to host your EST server remotely (for example, an Azure Container Instance),
+    ## change myestserver.westus.azurecontainer.io to the fully qualified DNS name of your EST server
+    ## OR, change the IP address
+    ## and uncomment the corresponding line.
+    # RUN sed -i "s|DNS.2 = ip6-localhost|DNS.2 = myestserver.westus.azurecontainer.io|g" ./ext.cnf
+    # RUN sed -i "s|IP.2 = ::1|IP.2 = <YOUR EST SERVER IP ADDRESS>|g" ./ext.cnf
 
     # Set EST server certificate to be valid for 10 years
     RUN sed -i "s|-keyout \$EST_SERVER_PRIVKEY -subj|-keyout \$EST_SERVER_PRIVKEY -days 7300 -subj |g" ./createCA.sh
@@ -331,4 +333,4 @@ You can keep the resources and configurations that you created in this tutorial
 * Using username and password to bootstrap authentication to EST server isn't recommended for production. Instead, consider using long-lived *bootstrap certificates* that can be stored onto the device during manufacturing [similar to the recommended approach for DPS](../iot-hub/iot-hub-x509ca-concept.md). To see how to configure bootstrap certificate for EST server, see [Authenticate a Device Using Certificates Issued Dynamically via EST](https://github.com/Azure/iotedge/blob/main/edgelet/doc/est.md).
 * EST server can be used to issue certificates for all devices in a hierarchy as well. Depending on if you have ISA-95 requirements, it may be necessary to run a chain of EST servers with one at every layer or use the API proxy module to forward the requests. To learn more, see [Kevin's blog](https://kevinsaye.wordpress.com/2021/07/21/deep-dive-creating-hierarchies-of-azure-iot-edge-devices-isa-95-part-3/).
 * For enterprise grade solutions, consider: [GlobalSign IoT Edge Enroll](https://www.globalsign.com/en/iot-edge-enroll) or [DigiCert IoT Device Manager](https://www.digicert.com/iot/iot-device-manager)
-* To learn more about certificates, see [Understand how Azure IoT Edge uses certificates](iot-edge-certs.md).
+* To learn more about certificates, see [Understand how Azure IoT Edge uses certificates](iot-edge-certs.md).