Using the Subject Alternative Name Field When Generating a Certificate

Article ID: 290824

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to use the Subject Alternative Name (SAN) field when generating a new Communication Certificate to be used in the Console.

Environment

  • App Control Console: All Supported Versions

Resolution

A Subject Alternative Name is required when:

  • The Server Address was changed and Agents have not been updated via the setserver command.
  • The Common Name on the Communication Certificate and the Server Address are not identical.

If a Subject Alternative Name (SAN) is required, it must:

  • Contain at least one DNS entry matching the current Server Address.
  • Contain an additional DNS entry for any previous Server Address still in use by the Agents.
  • Be formatted as follows:
    DNS=newserver.domain.com,DNS=oldserver.domain.com

Additional Information

  • A Server Certificate whose SAN is malformed, or is missing the address the Agents connect to, can cause communication failures between the Agent and the Server, or other errors.
  • The SAN can also contain an IP Address, or a wildcard:
    DNS=appcontrol.domain.com,DNS=*.domain.com,IP=10.0.8.123
  • If a Wildcard is used in the Common Name, the current Server Address (System Configuration > General) must be included in the SAN:
    Common Name: *.domain.com
    
    Subject Alternative Name: DNS=appcontrol.domain.com,DNS=*.domain.com
    
  • RFC 2818 (section 3.1) makes the DNS entries in the Subject Alternative Name authoritative whenever that extension is present: a client then ignores the Common Name in the Subject field entirely. Any name placed in the Common Name must therefore also appear in the Subject Alternative Name, as in the wildcard example above.
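The rules in the Resolution section and the wildcard/IP notes above can be checked before a SAN string is pasted into the Console. The following checker is an added example written by the page editor; it is not Carbon Black code and does not come from the article. It parses the DNS=/IP= format the article shows and reports an address that is missing, one that is covered only by a wildcard entry (the article asks for the address itself to be listed), a Common Name that is not repeated in the SAN, and malformed entries. The host names and addresses in it are made up, and the wildcard rule (a `*` covers exactly one leftmost label, per RFC 6125) is an assumption about how the Agent validates names that the article does not state.

```python
"""Check an App Control Communication Certificate SAN string before use.

Added example by the page editor; not Carbon Black code and not from the
KB article. It parses the "DNS=host,DNS=*.domain,IP=a.b.c.d" format the
article shows and applies the article's rules. Host names and addresses in
the usage section are made up.
"""
import ipaddress


def parse_san(san: str) -> dict:
    """Split 'DNS=a,DNS=b,IP=x' into {'dns': [...], 'ip': [...]}.

    Raises ValueError on a malformed entry: a badly formatted SAN is the
    failure mode the article warns causes Agent/Server communication errors.
    """
    out = {"dns": [], "ip": []}
    for raw in san.split(","):
        entry = raw.strip()
        if not entry:
            raise ValueError("empty SAN entry (stray comma?)")
        kind, sep, value = entry.partition("=")
        kind, value = kind.strip().upper(), value.strip()
        if not sep or not value:
            raise ValueError(f"entry {entry!r} is not TYPE=value")
        if kind == "DNS":
            out["dns"].append(value.lower())
        elif kind == "IP":
            out["ip"].append(str(ipaddress.ip_address(value)))  # rejects junk
        else:
            raise ValueError(f"unsupported SAN type {kind!r} in {entry!r}")
    return out


def dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style wildcard match: '*' covers exactly one leftmost label.

    Assumption (not stated in the article): the Agent validates names the
    way standard TLS clients do. '*.domain.com' matches 'a.domain.com' but
    neither 'domain.com' nor 'a.b.domain.com'.
    """
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    suffix = pattern[1:]  # ".domain.com"
    if not host.endswith(suffix):
        return False
    leftmost = host[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost


def coverage(entries: dict, address: str):
    """How the SAN covers 'address': 'exact', 'wildcard', or None."""
    try:
        ip = str(ipaddress.ip_address(address))
    except ValueError:
        host = address.lower()
        if host in entries["dns"]:
            return "exact"
        if any(dns_name_matches(p, host) for p in entries["dns"]):
            return "wildcard"
        return None
    return "exact" if ip in entries["ip"] else None


def check_san(san: str, common_name: str, current_server: str,
              previous_servers=()) -> list:
    """Return the list of problems with 'san' (empty means acceptable).

    Rules from the article: an explicit entry for the current Server
    Address, one for every previous address Agents still use, and the
    Common Name repeated in the SAN (clients ignore the CN once a SAN exists).
    Coverage by a wildcard entry alone is reported, since the article asks
    for the address itself to be listed.
    """
    try:
        entries = parse_san(san)
    except ValueError as exc:
        return [f"malformed SAN: {exc}"]
    problems = []
    checks = [("current", current_server)] + [("previous", p) for p in previous_servers]
    for role, address in checks:
        cov = coverage(entries, address)
        if cov is None:
            problems.append(f"{role} Server Address {address} is not in the SAN")
        elif cov == "wildcard":
            problems.append(f"{role} Server Address {address} is only matched by a "
                            f"wildcard; add an explicit DNS={address} entry")
    if common_name.lower() not in entries["dns"]:
        problems.append(f"Common Name {common_name} is not repeated in the SAN")
    return problems


if __name__ == "__main__":
    # Constructed inputs modelled on the article's examples (made-up names).
    good = "DNS=appcontrol.domain.com,DNS=*.domain.com,IP=10.0.8.123"
    print(check_san(good, "*.domain.com", "appcontrol.domain.com"))  # []
    print(check_san(good, "*.domain.com", "appcontrol.domain.com",
                    ["oldserver.domain.com"]))  # wildcard-only warning
    print(check_san("DNS=newserver.domain.com,,IP=10.0.8.123",
                    "newserver.domain.com", "newserver.domain.com"))  # malformed
```

Run it with the Common Name you intend to use, the current Server Address from System Configuration > General, and every address that Agents not yet updated with setserver are still using; an empty list means the string satisfies the article's rules.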