SSL settings should allow requesting SAN certificates (Subject Alternative Names)
In the CSR request process a feature should be added to allow SAN certificates. This would help clients access the K1000 with a variety of internal and external host names without certificate errors.
Andrew McNaughton commented
This is resolved for the SMA but not the SDA v5.1. I have not been able to check SDA v6.0 yet.
Now that Google Chrome has de facto neutered any TLS certificates that omit a SAN field containing the DNS hostname, this has become a big issue for us. Only alternative is to manually generate a CSR outside of the K1000 (good luck learning OpenSSL from the commandline!) and import the private + public key pair afterward.
Joe Magazu commented
Is there a workaround for now?
Simon Davies commented
With Google Chrome no longer supporting Certs without a SAN, it is vital that this get resolved ASAP
I second that!