This only affects Firefox.
I created a CSR for a IIS server using the digicert certificate utility for Windows on to the server I will be importing the certificate. I made sure to include server aliases in the CSR (server.domain.local, server, ipaddress) I then submitted the request to our internal ca (https://internalca.domain.local/certsrv), completed the request, downloaded the cert in base64, copied it to the server with IIS, and imported the cert using the digicert tool. I then attached the new cert to the port binding in IIS, restarted the web server, and visited the site in my browser with the following results:
https://server.domain.local= valid cert, no warning
https://server= invalid cert
https://ipaddress= invalid cert
I confirm that the aliases are present in the certificate:
In Chrome, the FQDN and server name work, but not IP...