[VIPEG] VIPEG SSL Certificate and SAN(Subject Alternate Name)
Article ID: 202609
Updated On: 10-13-2023
Products
Issue/Introduction
After VIPEG is installed SSL Certificates need to be installed but the Create SSL Certificate section does not provide an input field for SAN.
Environment
Release : 9.9
Component : VIPEG
Resolution
When submitting the CSR (generated from VIPEG) to your Certificate Authority, you can provide them with the SAN(Subject Alternate Names) so they can issue the certificate with those SAN values.
In case if you are using "Microsoft Active Directory Certificate Services" then you can follow the steps below.
This is just for Proof of Concept purposes. Any issue you encounter, you will need to work with your System/Infrastructure/PKI Administrator to resolve.
1. Logon to MSADCS and download the CA Certificate(and its chain if applicable).
2. Import the CA Certificate(and its chain if applicable) to VIPEG. (See Adding Trusted CA Certificates)
3. Generate CSR from VIPEG
4. Submit CSR to MSADCS using the "Web Server" template. Add the SAN value at this point.
You may have multiple FQHN(Fully Qualified Host Name) and even IP addresses to access your VIPEG.
For multiple values, you can use an ampersand to separate them as demonstrated below.
san:dns=vip.example.net&dns=ssp.example.net&dns=mfa.example.net
5. Import the certificate into VIPEG and set HTTPS. (See Configuring Console settings)
6. Restart VIPEG and test.
Additional Information
Please vote for this enhancement request: https://community.broadcom.com/participate/ideation-home/viewidea?IdeationKey=211d74cf-743f-4a0b-90fb-ac9faa512d80
Feedback
