Forum Discussion
CirrostratusCreating SSL Cert with a SAN the same as the CN.
Hey, all. I'm trying to create an SSL Certificate with the CN being the same as the SAN (for example, I want the CN to be mysite.com and the SAN to also be mysite.com). I know this sounds like it is pointless, but apparently some browsers (specifically Chrome) are ignoring CN's and looking only at SAN's.
The problem is that when I try to create it I receive the following error:
Key management library returned bad status: -32, Invalid Subject Alternative Name.
Any suggestions?
Thanks.
Simon_BlakelyEmployee
How are you specifying the SAN?
It should be specified as
DNS:mysite.com
gdoyleHow do you do multiple SANs?
gersbahSeparated by comma:
DNS:abc.def.ghi, DNS:jkl.mno.pqr
Just in case it ever comes up, you can also use "IP:1.2.3.4" for IP addresses, although in most cases I would advise to stick with DNS names.
If F5 is taking feedback here, that info would probably be a good addition to the "help" menu for certificate creation.
- gdoyle
Thanks, I'll look at that... I think I tried, but I didn't have the space after the comma. Perhaps that was why it wouldn't take it.
Do you know how to generate a wildcard certificate in the Big IP? I've tried using *.domain.com, but once pushed to the site the site appears to be looking specifically for "*.domain.com" and not using the wildcard.