If you are unable to create a new account, please email support@bspsoftware.com

 

SSL: Specify multiple Subject Alternate Names

Started by dougp, 01 Oct 2020 06:34:23 PM

Previous topic - Next topic

dougp

I need to request an SSL certificate for a machine and see that Chrome is requiring the Subject Alternate Name.  I want to use two.

cognosserver1.mycompany.loc
cognosserver1


I see at https://www.ibm.com/support/knowledgecenter/en/SSEP7J_11.1.0/com.ibm.swg.ba.cognos.inst_cr_winux.doc/c_thirdpartycertificatetoolcommands.html there is documentation to support Subject Alternate Names:

Quote-H
    Subject Alternative Name DNS names, such as DNS_host_1 [DNS_host_n]

While it says names (plural), there is no indication of how to include multiple names.  Are the delimited by commas, spaces, ...?  Should I use the -H command line parameter multiple times?
I have looked around a bit and don't see any examples of using multiple names.

...and I'd rather not bug my CA numerous times by guessing.

I'm using Windows Server.

So when creating the signing request, should the command look like one of these?

ThirdPartyCertificateTool.bat -java:local -c -e -d "CN=cognosserver1.mycompany.loc,O=mycompany,C=US" -H cognosserver1.mycompany.loc,cognosserver1 -a RSA -r encryptRequest.csr -p superSecretPassw0rd

ThirdPartyCertificateTool.bat -java:local -c -e -d "CN=cognosserver1.mycompany.loc,O=mycompany,C=US" -H cognosserver1.mycompany.loc cognosserver1 -a RSA -r encryptRequest.csr -p superSecretPassw0rd

ThirdPartyCertificateTool.bat -java:local -c -e -d "CN=cognosserver1.mycompany.loc,O=mycompany,C=US" -H cognosserver1.mycompany.loc -H cognosserver1 -a RSA -r encryptRequest.csr -p superSecretPassw0rd