
The certificate for golang.org was recently (re)issued. I see a "Not Valid Before" of "Thursday, May 21, 2015 at 5:39:30 AM Eastern Daylight Time".

I wonder if there is a Firefox-unsupported certificate extension in the new certificate?

EDIT: I wonder if it's related to this Firefox issue: Secure connection failed (sec_error_bad_der) due to certs with SAN dNSName entries incorrectly containing IP addresses[0]

However, it doesn't appear the golang.org certificate has any subjectAltName DNS entries using an IP address.

0. https://bugzilla.mozilla.org/show_bug.cgi?id=1148766
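As an added example (not part of the original post, Firefox, or golang.org), a stdlib-only Python check for exactly the condition discussed here: it parses a SAN extension's DER GeneralNames and reports dNSName entries that actually hold an IP literal, the encoding Firefox rejects with sec_error_bad_der. The SAN values at the bottom are constructed for the example.

```python
# Added example: hand-parse a SAN extension value (SEQUENCE OF GeneralName) with the
# stdlib and flag dNSName entries that contain an IP literal instead of a hostname.
import ipaddress

DNS_NAME = 0x82    # GeneralName [2] IMPLICIT IA5String
IP_ADDRESS = 0x87  # GeneralName [7] IMPLICIT OCTET STRING (4 or 16 bytes)
SEQUENCE = 0x30

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_general_names(san_der):
    """Parse a SAN extension value into (kind, text) pairs; unknown name types are skipped."""
    tag, body, _ = _read_tlv(san_der, 0)
    if tag != SEQUENCE:
        raise ValueError("SAN value must be a SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag == DNS_NAME:
            names.append(("dNSName", value.decode("ascii")))
        elif tag == IP_ADDRESS:
            names.append(("iPAddress", str(ipaddress.ip_address(value))))
    return names

def find_ip_in_dnsname(san_der):
    """Return dNSName values that are really IP literals; non-empty means Firefox rejects the cert."""
    bad = []
    for kind, text in parse_general_names(san_der):
        if kind == "dNSName":
            try:
                ipaddress.ip_address(text)
            except ValueError:
                continue  # a real hostname, which is what dNSName is for
            bad.append(text)
    return bad

def _tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length only (value < 128 bytes)

# Constructed SAN values: the broken form puts the IP in dNSName, the correct form in iPAddress.
BROKEN_SAN = _tlv(SEQUENCE, _tlv(DNS_NAME, b"router.example") + _tlv(DNS_NAME, b"192.168.1.1"))
CORRECT_SAN = _tlv(SEQUENCE, _tlv(DNS_NAME, b"router.example")
                   + _tlv(IP_ADDRESS, ipaddress.ip_address("192.168.1.1").packed))
```

Running find_ip_in_dnsname on the DER value of a real certificate's SAN extension (OID 2.5.29.17) gives the same answer the post was looking for: an empty list means no dNSName entry carries an IP address.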



The most frustrating part about this is when you want to access router/etc machines via https and an IP address it is just no longer even possible if they don't support this particular certificate extension.

Firefox doesn't even give you a way to bypass the error, even the error itself gives absolutely zero indication of what the issue actually IS. It's extraordinarily obnoxious.


Huh? You can't put an IP into a DNS entry but you can put them into an IP entry.


Yet it worked fine for 20 years beforehand and is how a lot of management interfaces are connected to and used. Now a minor bit of certificate paperwork is wrong by fiat, anything relying on it is no longer allowed to work, period, even with a manual override.

Great. I guess I'll just fork out $10k to satisfy some stupid technicality.


Your argument could be used against pretty much any of the tightenings up wrt. HTTPS certs that have been done for the last few years.

"We used to be able to do whatever and be marked as secure and now we actually have to do security right! UNACCEPTABLE".

Not very convincing.


Firefox doesn't even give you a way to bypass the error

Removing the 's' from 'https' in FF works for me.


and if that doesn't exist or auto redirects to https you are screwed. No matter how you slice it not even allowing an override over something like this is super shitty.


Not super shitty, a judgement call.

Browser defaults have to be created to cater to the greatest (lowest?) common denominator. And if you can't figure out how to bypass the SSL warning you shouldn't bypass it.


there is no way to do so without patching firefox, that is way extreme. Especially for something that amounts to "you put a number in the wrong field of your cert, because this standard didn't even exist yet"

This does not improve security in any meaningful way whatsoever.



