Hello All,
        I am having an issue trying to get my server to read the SAN entries that 
I have configured in my cnf file.  I created a .CSR file (2048) and had our PKI 
folks generate the certificate (.p7b) so that I could import it into my 
application.  The application accepts the certificate and the corresponding 
private key.  However, when I connect to the application using the FQDN I get a 
certificate error but when I use just the hostname it works fine. During the 
creation of the CSR file I assigned the common name as just the hostname.  I 
recreated the CSR file setting the common name as the FQDN and when I tried 
accessing the application with the host name I received a certificate error.  
However, when I tried accessing the application with the FQDN it worked fine.  
It's as though the certificate is not applying the SANs I configured in the 
.cnf file.  I researched many forums to try to identify what I am missing but I 
just can't seem to figure it out so I am turning to this group.  See below for 
configs that I set in .cnf file. I am not sure if I need to run a specific 
OpenSSL command to insert this in the certificate.  I have done this once 
before and the SANs were read perfectly fine so I am not sure what could be the 
issue.  Please help....


[ req ]
req_extensions = v3_req # The extensions to add to a certificate request


[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
subjectAltName = @alt_names

[alt_names]
DNS.1   = server.domain.com
DNS.2 = server_name




Thanks,

Hector L. Jaquez Jr.
Data Security Analyst II
HQ AAFES, Information Technology Governance
W 214-312-4449
BB 214-794-3641  
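
One way to find where the SAN entries are lost, as an added example that is not part of the original post: it builds a CSR from a config like the one above, then checks the CSR and two test certificates for the SAN extension. The `[ dn ]` section, `prompt = no`, the file names and the self-signed stand-in for the CA are assumptions made so the script runs on its own.

```shell
#!/bin/sh
# Added example: file names and the temp directory are constructed for illustration.

# Print the SAN value line of a CSR / certificate (empty output = no SAN extension).
san_of_csr()  { openssl req  -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' '; }
san_of_cert() { openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' '; }

build_demo() {   # $1 = work directory
    cat > "$1/req.cnf" <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
req_extensions = v3_req

[ dn ]
CN = server_name

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = server.domain.com
DNS.2 = server_name
EOF
    # -config must point at the edited file, otherwise the default openssl.cnf is used.
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -keyout "$1/key.pem" -out "$1/req.csr" 2>/dev/null
    # Stand-in for the CA (self-signed here): once ignoring the request's extensions...
    openssl x509 -req -in "$1/req.csr" -signkey "$1/key.pem" -days 1 \
        -out "$1/cert_no_ext.pem" 2>/dev/null
    # ...and once with the extensions applied explicitly at signing time.
    openssl x509 -req -in "$1/req.csr" -signkey "$1/key.pem" -days 1 \
        -extfile "$1/req.cnf" -extensions v3_req -out "$1/cert_with_ext.pem" 2>/dev/null
}

WORK=$(mktemp -d)
build_demo "$WORK"
echo "CSR:            $(san_of_csr  "$WORK/req.csr")"
echo "cert (no ext):  $(san_of_cert "$WORK/cert_no_ext.pem")"
echo "cert (ext):     $(san_of_cert "$WORK/cert_with_ext.pem")"
```

An empty CSR line means the request was built without the edited config; a populated CSR with an empty certificate line means the extensions were not carried over at signing.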
