- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi,
I have a 3rd party signed certificate that I use for VPN connections - the issue I have is that through the CSR generating process, I am not presented with an option to add a subject alternative name (SAN).
The reason I want to have a SAN in the certificate is due to other people who don't access the VPN by DNS name but by IP Address, they get an alert that the connection is not secure.
I use the CLI method to generate the CSR (sk69660).
When I use the GUI method to create the CSR, we get an error generating the cert - the GUI method does have an option to add the SAN (this is where I found the GUI method - https://www.entrust.com/knowledgebase/ssl/how-to-generate-a-csr-using-checkpoint-appliance).
Please help?
hey,
There is no need to add the SAN to the CSR, some CA's accept to add additional SANs at the time of generation.
See if your Certificate provider can support that.
If you still want to add SANs to your CSR, you need to add smth like below to your openssl.cnf file you address .
MAKE SURE YOU HAVE the req_extensions to get the SAN's in the CSR!!!!!! # # req_extensions = v3_req # The extensions to add to a certificate request
req_extensions = req_ext # The extensions to add to a certificate request
[ req_ext ] subjectAltName = @ckp_names [ CKP_names ] DNS.1 = u-fw01.a#$#$%#$%lv.int DNS.2 = u-fw02.a#$#$%#$%lv.int DNS.3 = u-fw4.a#$#$%#$%lv.int |
Thank you and have a nice week,
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY