Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [subject-alternative-names]

18 questions
28
votes
4 answers

What is the difference between SAN and SNI SSL certificates?

Could someone explain me the difference between these certificates in a simplified way? I read some articles but it sounds like they do the same job, namely encrypting many domains with one certificate.
AFA Med
  • 447
  • 1
  • 5
  • 15
11
votes
3 answers

Adding Subject Alternate Names (SAN) to an existing Cert Signing Request (CSR)

Can any one tell me how I an add a number of Subject Alternate Names to an existing CSR? I'm not talking about generating a CSR with SANs or adding SANs at signing time - I know how to do both of these things. Background: The problem we have is that…
Jason Tan
  • 2,742
  • 2
  • 17
  • 24
6
votes
1 answer

OpenSSL - Add Subject Alternate Name (SAN) when signing with CA

How can I add a Subject Alternate Name when signing a certificate request using OpenSSL (in Windows if that matters)? I've generated a basic certificate signing request (CSR) from the IIS interface. Now, I'd like to add several subject alternate…
mechgt
  • 73
  • 1
  • 1
  • 6
3
votes
0 answers

x509 certificate not valid for any names when added IP address to openssl.cnf

A self-signed certificate works well while the command used to generate it on a ubuntu machine is: openssl req -x509 -newkey rsa:4096 -keyout private.key -out cert.crt -days 365 -nodes If the client side uses an IP address instead of the domain…
minghua
  • 171
  • 1
  • 1
  • 8
2
votes
2 answers

Why would Chrome ignore the X509v3 Subject Alternative Name in my cert?

I have a cert that include an X509v3 Subject Alternative setting, but Chrome 67.0.3396.99 is saying the Subject Alternative Name is missing even though it looks like it's included in the cert. Here's the X509v3 portion of the cert as per openssl…
pwan
  • 257
  • 3
  • 14
2
votes
4 answers

Let's Encrypt: use Subject Alternative Name for internal domain

My Synology NAS is capable of running the web interface via HTTPS. By default, you access the NAS via its name (say, mynas) so http(s)://myname:5001 or http(s)://myname.local. It defaults to an SSL certificate for synology.com. You can create a new…
Jurian Sluiman
  • 291
  • 6
  • 17
1
vote
1 answer

Block Subject Alternative Names in ADCS

I am managing a Windows 2008 ADCS CA and have been aware of the security risks in issuing certificates with SANs. So I tested issuing a PKCS10 file with SANs in the request and it issued the certificate with the SANs when it's supposed to be…
JuanKB1024
  • 133
  • 1
  • 2
  • 6
1
vote
0 answers

How to provide a subjectAltName when generating a Certificate Request in IIS?

It seems the latest versions of Chrome, Firefox and Vivaldi no longer work with our Domain Certificates generated by Active Directory Certificate Services because they lack a subjectAltName. My question is how would one go about generating a…
Corey Alix
  • 111
  • 3
1
vote
2 answers

OpenSSL config expansion

I created own Certificate Authority and server (virtualhost) certificate based on this specification: https://jamielinux.com/docs/openssl-certificate-authority/index.html It's successfully created, it works, but server-certificate not working…
adampweb
  • 121
  • 6
1
vote
1 answer

Certificate SAN support regexp stemming?

Searched on this, but can't find any clear answer - can a certificate SAN contain a name like "citrix*.domain.com", to permit use with citrixdirector.domain.com and citrixprod.domain.com, for example?
daboochmeister
  • 23
  • 5
1
vote
1 answer

Subject not considered in a certificate with SAN

I have here a certificate with the subject "server01.department.company.com" and two subject alternative names "app1" and "app2". When I connect with app1 or app2 to the server all is fine. But when I connect with the real name of the server (the…
Raffael Luthiger
  • 2,011
  • 2
  • 17
  • 26
0
votes
1 answer

kubernetes apiserver systemd service is not activated

I am seeing below error message when kube-apiserver systemd server is started. cannot validate certificate for 192.168.101.101 because it doesn't contain any IP SANs". Reconnecting... Following are the parameters given for kube-apiserver…
sandeep nagendra
  • 103
  • 2
0
votes
2 answers

Better understanding TLS/SSL Alternative Names?

Can someone explain (to a 5 year old) how Alternative Names are used? And why some domains have SO many? Are all of these domains sharing a certificate? Are there any security risks (MitM attacks?) with using Alternative Names?
user418383
  • 9
  • 2
0
votes
1 answer

Adding a Subject Alternative Name to an exchange certificate

We're running an Exchange 2010 environment with multiple SMTP domains which we have configured autodiscover for as well. Now we have discovered that some of the autodiscover addresses hass not been added as a SAN in the certificate, giving the users…
Mikael Dyreborg Hansen
  • 559
  • 1
  • 5
  • 15
0
votes
1 answer

How do I make a certificate request in windows 11 from the command line?

We have a working internal certificate process and instructions on how to use it involving certreq; however on Windows 11 it stopped generating SAN correctly. Internal certreq template: [Version] Signature="$Windows NT§" [NewRequest] …
joshudson
  • 403
  • 4
  • 10
1
2