Unsolved
1 Rookie
•
15 Posts
0
1058
March 9th, 2022 03:00
Using Redfish API Powershell to generate CSR and renew web cert. Subject Alternative names not populating
Hello,
I am trying to add multiple subject alternative names (also shown as DNS names in the cert itself). The API guide (link below) is stating to create a String Array but this is not working. Not sure where i am going wrong, any help appreciated.
Below shows i have created a string array but when i renew the cert, it only ever populates the first entry of that string
This is the command ran to generate the CSR:
$JsonBody = @ { "CertificateCollection" = @ { "@odata.id" = "/redfish/v1/Managers/iDRAC.Embedded.1/NetworkProtocol/HTTPS/Certificates" }; "City" = $city ; "CommonName" = $commonName ; "Country" = $country ; "Organization" = $org ; "OrganizationalUnit" = $orgunit ; "State" = $state ; "Email" = $email ; "AlternativeNames" = $AlternativeNames }
No Events found!
hawker91
1 Rookie
•
15 Posts
0
March 9th, 2022 03:00
Apologies, this is for iDRAC 9, poweredge R740.
hawker91
1 Rookie
•
15 Posts
0
March 11th, 2022 01:00
Any update please? I have not found a solution yet.
hawker91
1 Rookie
•
15 Posts
0
March 21st, 2022 09:00
I still do not have a resolution for this. Can somebody please help?
DELL-Chris H
Moderator
•
9.6K Posts
0
March 21st, 2022 11:00
Hawker91,
From what you're describing, what you're attempting should be supported to do, but I am not 100% certain. Let me research and test this.
hawker91
1 Rookie
•
15 Posts
0
April 8th, 2022 03:00
How did the testing go?
DELL-Chris H
Moderator
•
9.6K Posts
0
April 8th, 2022 08:00
Hawker91,
Sorry for the delay, I thought I had reached out to you.
The testing was successful in the lab with the payload below
{"CertificateCollection": "/redfish/v1/Managers/iDRAC.Embedded.1/NetworkProtocol/HTTPS/Certificates", "City": "Austin","CommonName": "idrac-svctag","Country": "US","Organization": "Dell","OrganizationalUnit": "Support","State": "TX","Email": "test@dell.com","AlternativeNames": ["idrac-svctag","idrac-svctag.domain.cm"]}
I had to take the O out of .com at the very end of the command in order to keep it from creating a hyperlink with it.
Let me know if this helps.
mossk
1 Message
0
December 15th, 2023 00:10
Have tried this as well but find that when pushing multiple values it will only take the first value. For DELL-Chris H payload it will be seen that only idrac-svctag is added as a alternative name. The idrac-svctag.domain.com alternative name is missed
This can be seen by using postman:
And then in the outputted CSR request we can see that not all SAN's are added
The way to fix this is by pushing all subject altenativenames as one string within the array as follows:
(edited)