6 Replies - 1244 Views - Last Post: 21 February 2017 - 05:56 AM

#1 DarenR   User is offline

  • D.I.C Lover

Reputation: 597
  • View blog
  • Posts: 3,857
  • Joined: 12-January 10

how do i fix Invalid subject alternative name (SAN) on ssl

Posted 14 February 2017 - 05:45 AM

hey all,

i am trying to create a csr however it keeps telling me

Quote

Invalid subject alternative name (SAN).
The subject alternative name in your CSR is not presented in the valid format required by SSL products.


i have tried the following

ourserver.domain.com
ourserver.com
domain.com
*.domain.com
www.ourserver.domain.com
www.ourserver.com
www.domain.com
domain
server
*server
*domain

where server is our server name and domain is our domain name as in
pghdevitweb01.bentley.com <-- we would use this to get to our server

any ideas on how to resolve this?

Is This A Good Question/Topic? 0
  • +

Replies To: how do i fix Invalid subject alternative name (SAN) on ssl

#2 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2225
  • View blog
  • Posts: 6,749
  • Joined: 15-January 14

Re: how do i fix Invalid subject alternative name (SAN) on ssl

Posted 14 February 2017 - 11:38 AM

Are you trying to generate a CSR for a certificate for multiple domains? That's the only place you use that field. It should take the same format as the common name.

https://www.digicert...native-name.htm
Was This Post Helpful? 0
  • +
  • -

#3 DarenR   User is offline

  • D.I.C Lover

Reputation: 597
  • View blog
  • Posts: 3,857
  • Joined: 12-January 10

Re: how do i fix Invalid subject alternative name (SAN) on ssl

Posted 15 February 2017 - 04:49 AM

well to be honest -- i have no idea why it is giving that error since i am using common name-- i dont even have the option for alternative name
Was This Post Helpful? 0
  • +
  • -

#4 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2225
  • View blog
  • Posts: 6,749
  • Joined: 15-January 14

Re: how do i fix Invalid subject alternative name (SAN) on ssl

Posted 15 February 2017 - 03:11 PM

What are you using to generate the CSR? You might want to contact the SSL vendor and ask them what the problem is. Maybe you selected the wrong kind of certificate to buy.
Was This Post Helpful? 0
  • +
  • -

#5 DarenR   User is offline

  • D.I.C Lover

Reputation: 597
  • View blog
  • Posts: 3,857
  • Joined: 12-January 10

Re: how do i fix Invalid subject alternative name (SAN) on ssl

Posted 16 February 2017 - 04:42 AM

i was using this:

https://www.day.ir/e...-sha2-algorithm
Was This Post Helpful? 0
  • +
  • -

#6 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2225
  • View blog
  • Posts: 6,749
  • Joined: 15-January 14

Re: how do i fix Invalid subject alternative name (SAN) on ssl

Posted 16 February 2017 - 11:29 AM

Did you check the CSR on the URL at the end of that article? Maybe it's got fields for the SAN that aren't filled out or are filled out to your local computer name or something like that.

If you're going to install this certificate on a web server, it is far more common to generate the CSR and key on the actual web server instead of trying to move the key to the server.
Was This Post Helpful? 0
  • +
  • -

#7 DarenR   User is offline

  • D.I.C Lover

Reputation: 597
  • View blog
  • Posts: 3,857
  • Joined: 12-January 10

Re: how do i fix Invalid subject alternative name (SAN) on ssl

Posted 21 February 2017 - 05:56 AM

yeah i used that url-- that is where the error message is coming from. The generating ssr is only good for sha1 certs but we need a sha2--
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1