Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Realeboga_Mashi
Contributor

Adding a SAN to a CSR to be used for IPSec\SSL VPN

Hi,

I have a 3rd party signed certificate that I use for VPN connections - the issue I have is that through the CSR generating process, I am not presented with an option to add a subject alternative name (SAN).

The reason I want to have a SAN in the certificate is due to other people who don't access the VPN by DNS name but by IP Address, they get an alert that the connection is not secure.

I use the CLI method to generate the CSR (sk69660).

 

When I use the GUI method to create the CSR, we get an error generating the cert - the GUI method does have an option to add the SAN (this is where I found the GUI method - https://www.entrust.com/knowledgebase/ssl/how-to-generate-a-csr-using-checkpoint-appliance).

Please help?

0 Kudos
1 Reply
Sorin_Gogean
Advisor

hey,

 

There is no need to add the SAN to the CSR, some CA's accept to add additional SANs at the time of generation. 

See if your Certificate provider can support that.

 

If you still want to add SANs to your CSR, you need to add smth like below to your openssl.cnf file you address .

MAKE SURE YOU HAVE the req_extensions to get the SAN's in the CSR!!!!!!

#

# req_extensions = v3_req # The extensions to add to a certificate request

 

req_extensions = req_ext # The extensions to add to a certificate request

 

[ req_ext ]

subjectAltName = @ckp_names

[ CKP_names ]

DNS.1 = u-fw01.a#$#$%#$%lv.int

DNS.2 = u-fw02.a#$#$%#$%lv.int

DNS.3 = u-fw4.a#$#$%#$%lv.int

 

Thank you and have a nice week,

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events