Generate CSR does not allow Subject Alternate Names

Question

Hi There,

Under Application Settings > Security > Certificates, when attempting the generate a custom signing request, the wizard gives no option to for Subject Alternate Names (SAN) as part of the request, relying on Common Name (CN) in the subject.

Use of Common Name for Server Certificates has been deprecated from the standards from some time and Chrome will remove support for common name matching, and use of Sunbject Alternate Names (reference link).

Could OME Developers please look into updating the wizard to allow specification of SubjectAlternateNames, or give the ability to import a public *and* private key pair that we can generate outside of OME (e.g. pfx files, pem etc)

Thanks

DELL-Rob C · Answer

Hi bcshort and thanks for the post. I checked with the team and it looks like this already under review as as roadmap item. Thanks for calling it out. Rob

bcshort · Answer

Thanks Rob,

As an addendum, there also needs to be a way to upload intermediate/root certificates. When using an internal PKI, if you aren't able to upload Intermediate and Root CA Certificates, the OM Enterprise Server cannot verify the chain of trust for the certificate.

Cheers

Ben

DELL-Rob C · Answer

Ok, got it.  Added this to my information that I passed along for review. Thanks! Rob

ikroumov · Answer

Hello Is there any update related to the certificate update process on DellEMC Open Manage Enterprise? I cannot upload certificates which have all the components (key, config file, csr, cert) generated outside the DellEMC OME. The CA is external and completely managed offside. Thanks ikroumov

Dell OpenManage Enterprise

Generate CSR does not allow Subject Alternate Names

Was this post helpful?