I need to request an SSL certificate for a machine and see that Chrome is requiring the Subject Alternate Name. I want to use two.
cognosserver1.mycompany.loc
cognosserver1
I see at https://www.ibm.com/support/knowledgecenter/en/SSEP7J_11.1.0/com.ibm.swg.ba.cognos.inst_cr_winux.doc/c_thirdpartycertificatetoolcommands.html there is documentation to support Subject Alternate Names:
Quote-H
Subject Alternative Name DNS names, such as DNS_host_1 [DNS_host_n]
While it says names (plural), there is no indication of how to include multiple names. Are the delimited by commas, spaces, ...? Should I use the -H command line parameter multiple times?
I have looked around a bit and don't see any examples of using multiple names.
...and I'd rather not bug my CA numerous times by guessing.
I'm using Windows Server.
So when creating the signing request, should the command look like one of these?
ThirdPartyCertificateTool.bat -java:local -c -e -d "CN=cognosserver1.mycompany.loc,O=mycompany,C=US" -H cognosserver1.mycompany.loc,cognosserver1 -a RSA -r encryptRequest.csr -p superSecretPassw0rd
ThirdPartyCertificateTool.bat -java:local -c -e -d "CN=cognosserver1.mycompany.loc,O=mycompany,C=US" -H cognosserver1.mycompany.loc cognosserver1 -a RSA -r encryptRequest.csr -p superSecretPassw0rd
ThirdPartyCertificateTool.bat -java:local -c -e -d "CN=cognosserver1.mycompany.loc,O=mycompany,C=US" -H cognosserver1.mycompany.loc -H cognosserver1 -a RSA -r encryptRequest.csr -p superSecretPassw0rd