Receive NET::ERR_CERT_COMMON_NAME_INVALID For SSL Certificate And Top Secret

Article ID: 13403


Products

Top Secret, Top Secret - LDAP

Issue/Introduction

When using an SSL certificate, the following message is received:

NET::ERR_CERT_COMMON_NAME_INVALID

when accessing the URL

https://www.example.com

This server could not prove that it is www.examplcom; its security certificate is from www.example.com,www.example#.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

Windows does not have enough information to verify this certificate.

Issued to: www.example.com

Issued by: xxxxxxx

Valid from: dd/mm/yyyy to dd/mm/yyyy

The certificate carries both www.example.com and www.example#.com as domain names so that users can access the site through either URL.

Environment

Release: TOPSEC00200-15-Top Secret-Security

Resolution

Top Secret and the other security software (ACF2, RACF) do not support generating multiple altname segments for a digital certificate. Other clients that needed this functionality had to go to an outside CA to obtain the certificate.

Once the CA supplied the certificate they were then able to add it to Top Secret. (CA = Certificate Authority)

Generate a certificate request with two domains via GSKKYMAN, using the following steps:

1. GSKKYMAN - generate a request with two domains.

2. Export the request PK10 to MVS.

3. Use the PK10 as input for a GENCERT. This will need a signing certificate.

TSS GENCERT(CERTSITE) DIGICERT(XXXXX) DCDSN(PK10 file) signwith(xxxx,yyyy)

You should now have a certificate with two domains.

4. Add the certificate to the keyring, both the new one (two domain) and the signer.
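
Before putting the new certificate into service, the name check a browser performs can be reproduced offline to confirm that both host names are covered. The Python code below is an added example, not part of the original article or of Top Secret: the `uncovered_hosts` helper, the host name `www.example2.com` (a stand-in for `www.example#.com`) and the sample certificate dictionaries are constructed, and the dictionaries use the shape that Python's `ssl.SSLSocket.getpeercert()` returns.

```python
"""Report which host names a certificate's subjectAltName entries fail to cover."""


def _san_matches(pattern: str, host: str) -> bool:
    """Compare one DNS subjectAltName entry with a host name, ignoring case.

    A wildcard is accepted only as the whole leftmost label and stands for
    exactly one label; "*.com"-style entries are rejected outright.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered_hosts(cert: dict, hosts: list[str]) -> list[str]:
    """Return the hosts that no DNS subjectAltName entry matches.

    The subject commonName is deliberately not consulted: current browsers
    validate the host name against subjectAltName only, so a name that
    appears only in the CN still produces a name-mismatch error.
    """
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [h for h in hosts if not any(_san_matches(s, h) for s in sans)]


# Constructed sample data (not taken from a real certificate).
HOSTS = ["www.example.com", "www.example2.com"]
SINGLE_NAME_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"),),
}
TWO_NAME_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "www.example2.com")),
}

if __name__ == "__main__":
    for label, cert in (("single-name", SINGLE_NAME_CERT), ("two-name", TWO_NAME_CERT)):
        missing = uncovered_hosts(cert, HOSTS)
        status = "covers all hosts" if not missing else "name mismatch for " + ", ".join(missing)
        print(f"{label} certificate: {status}")
```

An empty result for the two-domain certificate means neither URL should trigger the name-mismatch error; trust in the signer is a separate check.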