search cancel

[VIPEG] VIPEG SSL Certificate and SAN(Subject Alternate Name)

book

Article ID: 202609

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

After VIPEG is installed SSL Certificate need to be installed.

But "Create SSL Certificate" section does not provide an input field for SAN.

Environment

Release : 9.9

Component : VIPEG

Resolution

When submitting the CSR (generated from VIPEG) to your Certificate Authority, you can provide them with the SAN(Subject Alternate Names) so they can issue the certificate with those SAN values.

In case if you are using "Microsoft Active Directory Certificate Services" then you can follow the steps below.

This is just for Proof of Concept purpose. Any issue you encounter, you will need to work with your System/Infrastructure/PKI Administrator to resolve.

 

1. Logon to MSADCS and download the CA Certificate(and its chain if applicable).

2. Import the CA Certificate(and its chain if applicable) to VIPEG.

3. Generate CSR from VIPEG

 

4. Submit CSR to MSADCS using "Web Server" template. Add the SAN value at this point!

You may have multiple FQHN(Fully Qualified Host Name) and even IP address to access your VIPEG.

For multiple values you can use ampersand to separate them as demonstrated below.

san:dns=vip.kimlabs.net&dns=ssp.kimlabs.net&dns=mfa.kimlabs.net

5. Import the certificate into VIPEG and set HTTPS.

6. Restart VIPEG and test.

Additional Information

Please vote for this enhancement request: https://community.broadcom.com/participate/ideation-home/viewidea?IdeationKey=211d74cf-743f-4a0b-90fb-ac9faa512d80

Attachments