Jump to content


Photo

Certificate Subject Alternative Name


This topic has been archived. This means that you cannot reply to this topic.
1 reply to this topic

#1 Young

Young
  • Members
  • 2 posts

Posted 07 April 2020 - 04:24 PM

When creating a certificate request (.csr) from the ESG and submitting it to our Microsoft Standalone CA, the certificate issued doesn't contain a Subject Alternative Name (SAN). 

 

The ESG also shows the Cert as "Missing Chainfile Untrusted" (under Secure Administration) however when you view the Cert in Chrome or IE, the Cert path is valid and the Cert is reported as OK by both browsers.

 

Since Chrome will only trust Certs with SAN, I'm trying to generate a CSR with SAN info to submit to our CA.  

 

Is this expected or is there a configuration issue in our ESG somewhere?

 

We also use the Message Archiver appliance, and CSR generated from that device contains the SAN in the request.  

Any help is appreciated. 



#2 Young

Young
  • Members
  • 2 posts

Posted 09 April 2020 - 11:04 AM

Support confirmed SAN info is not part of the CSR generated by Email Security Gateway. 

Enhancement request BNSF-27097 has been logged and will be considered for future firmware release. 

 

You need to use a third party tool to create the CSR with SAN (I used OpenSSL).