Security

Reply
MVP
Posts: 366
Registered: ‎01-14-2010

Creating a CSR with multiple SAN options

All,

 

Is it possible to put multiple entries into the SAN field when generating a CSR? I tried entering "DNS:clearpass1.mydomain.org, IP:10.20.100.170" and it threw an error. I'm not sure what the delimiter is between the various SAN entries.

 

I'm trying to create a CSR for a VIP that references the publisher and subscriber IPs and FQDNs. I've been told this is the best way to handle certs in CPPM in case of a failover and / or the promotion / demotion of Publishers and Subscribers.

 

Eventually, all of us will have dumped so many questions in this forum that it's going to be a great wiki! Also, it keeps cjoseph on his toes!

 

Thanks!

 

-Mike

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Creating a CSR with multiple SAN options

I believe there is no spaces. 

 

DNS:cplab.clearpassdemo.com,IP:10.80.2.200

 

 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP
Posts: 366
Registered: ‎01-14-2010

Re: Creating a CSR with multiple SAN options

Troy,

 

Worked like a charm - thanks!

 

-Mike

Aruba
Posts: 1,641
Registered: ‎04-13-2009

Re: Creating a CSR with multiple SAN options

 

boston1630 wrote:

.... I've been told this is the best way to handle certs in CPPM in case of a failover and / or the promotion / demotion of Publishers and Subscribers....

 


 

I'm curious if you have more information that you (or someone else) can share on why this was recommended.  Is it just a recommended practice or is there a real technical explanation behind it?  Thanks.....

 

 

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

MVP
Posts: 366
Registered: ‎01-14-2010

Re: Creating a CSR with multiple SAN options

Hi clembo,

 

I have been told by the local SE and the local CPPM engineer that this is recommended for SSL connections to the Virtual IP service in a Publisher / Subscriber setup.

 

I've had a customer set it up on their own - I'm going to be rocking it out at a different customer site next week. I'll let you know how it goes.

 

-Mike

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Creating a CSR with multiple SAN options

Add a new post. Hope this helps explain a few things.....

http://community.arubanetworks.com/t5/ClearPass-formerly-known-as/Certificate-Issues-Questions/td-p/94444
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: