Hello All, I am having an issue trying to get my server read the SAN entries that I have configured in my cnf file. I created a .CSR file (2048) and had our PKI folks generate the certificate (.p7b) so that I could import it into my application. The application accepts the certificate and the corresponding private key. However, when I connect to the application using the FQDN I get a certificate error but when I use just the hostname it works fine. During the creation of the CSR file I assigned the common name as just the hostname. I recreated the CSR file setting the common name as the FQDN and when I tried accesing the application with the host name I received a certificate error. However, when I tried accessing the application with the FQDN it worked fine. It's as though the certificate is not applying the SANS I configured in the .cnf file. I researched many forums to try to identify what I am missing but I just can't seem to figure it out so I am turning to this group. See below for configs that I set in .cnf file. I am not sure if I need to run a specific Openssl command to insert this in the certificate. I have done this once before and the SANS were read perfectly fine so I am not sure what could be the issue. Please help....
[ req ] req_extensions = v3_req # The extensions to add to a certificate request [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment # Include email address in subject alt name: another PKIX recommendation # subjectAltName=email:copy # Copy issuer details # issuerAltName=issuer:copy subjectAltName = @alt_names [alt_names] DNS.1 = server.domain.com DNS.2 = server_name Thanks, Hector L. Jaquez Jr. Data Security Analyst II HQ AAFES, Information Technology Governance W 214-312-4449 BB 214-794-3641