Hi
Switch model: HP 2530 (J9774A) 8 port (but we've also got a single Aruba 6000 12 port that I need to do this on)
Firmware: YA.16.11.0016 or YA.16.11.0013
I've been trying to create signed certs for our switches with our AD CA Root as the Trusted Authority.
It seems such a simple process on the face of it.
I add in the CA root as a Trusted Anchor, which then enables the 'Create CSR' link:
I use the Create CSR link to, um, create the CSR, then I copy the CSR to a text file then use that on one of my Windows AD CA servers to create the signed certificate.
I then paste that in to the field on the Switch's web console. All seems fine.
Until I try to use https on the switch, at which point I get a warning.
According to the error, the browser is demanding that the certificate includes a Subject Alternative Name (SAN), which seems like a very sensible minimum standard, to be fair.
And believe me I'd actually very happily include at least two SANs (the FQDN and the IP address) if only the switch's web console presented me with the opportunity!
I could be wrong, but I don't think even the CLI (which I've not got the hang of when it comes to the crypto command) offers the option to include SANs in the CSR.
Am I missing something?
Thanks in advance.
------------------------------
Jeff
An IT Infrastructure bloke
Somewhere in London (UK)
------------------------------