problem

I need to add 127.0.0.1 to the certificate for $IP:9090/ and ca.framework.cert.management.custom.san is the way to do it, but the feature interprets the entry as a single string, such that the following value:
cloudstack.internal, 127.0.0.1

leads to this kind of alt name configuration:

~# openssl s_client -connect 127.0.01:9090 </dev/null 2>/dev/null | openssl x509 -noout -text | grep DNS:
IP Address:192.168.0.123, DNS:cloudstack.internal, 127.0.0.1

Note that "cloudstack.internal, 127.0.0.1" is a single string here, so the comma separation is not a thing as I assumed.

Replacing cloudstack.internal with 127.0.0.1 takes me one step further, in that 127.0.0.1 is added to the alt names, but is treated as a hostname, not an IP.

~#openssl s_client -connect 127.0.01:9090 </dev/null 2>/dev/null | openssl x509 -noout -text | grep DNS:
IP Address:192.168.0.123, DNS:127.0.0.1

To further aggravate me, even cloudstack-setup-databases -i 127.0.0.1 produces the same results, 127.0.0.1 is treated as hostname, not IP, just like the above.

versions

4.21.0.0 KVM

The steps to reproduce the bug

No response

What to do about it?

No response