How can we improve the SMA (K1000)?

SSL settings should allow requesting SAN certificates (Subject Alternative Names)

In the CSR request process a feature should be added to allow SAN certificates. This would help clients access the K1000 with a variety of internal and external host names without certificate errors.

23 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Signed in as (Sign out)
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

5 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Signed in as (Sign out)
Submitting...
  • Anonymous commented  ·   ·  Flag as inappropriate

    Now that Google Chrome has de facto neutered any TLS certificates that omit a SAN field containing the DNS hostname, this has become a big issue for us. Only alternative is to manually generate a CSR outside of the K1000 (good luck learning OpenSSL from the commandline!) and import the private + public key pair afterward.

Feedback and Knowledge Base