VMware Support Community
TAB405ALZ
Enthusiast

SHD - Multiple Subject Alternative Names

Question: SHD appliance 3.0.0

I replaced the certificate per this document but it still shows as invalid.  

https://docs.vmware.com/en/VMware-Skyline-Health-Diagnostics/services/Skyline-Health-Diagnostics/GUI...

I am thinking of adding additional SAN names but am not sure what syntax the "conf" file would need - I can't find any documentation on multiple SAN names.

Or does [alt_names] constitute additional "Subject Alternate Names", and if so, why is it still "invalid"? What is the best practice for tracking down "invalid"?

[req]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
#Don't encrypt the key
encrypt_key = no
prompt = no
string_mask = nombstr

[ req_distinguished_name ]
countryName = US
stateOrProvinceName = MyState
localityName = MyCity
0.organizationName = My Company
emailAddress = infravm@MYC.org
commonName = vSkylineLogRead.mycompany.org
[ req_ext ]
subjectAltName = vSkylineLogRead

[alt_names]
DNS.1 = vSkylineLogRead.mycompany.org
DNS.2 = vSkylineLogRead
IP.1 = 10.x.x.x

Thoughts/ suggestions?

conf, rui.key, rui.csr and rui.crt are all in /newcert and /conf/ssl - service restarted

Thank you

1 Reply
TAB405ALZ
Enthusiast

OK, chalk one up to human error. When I read the instructions for setting the common name and DNS to the FQDN, I also adjusted [ req_ext ] subjectAltName:

[ req_ext ]
subjectAltName = vSkylineLogRead

[alt_names]
DNS.1 = vSkylineLogRead.mycompany.org
DNS.2 = vSkylineLogRead
IP.1 = 10.x.x.x

It must remain the default, as it gets the SAN names from the "[alt_names]" section:

   [ req_ext ]
   subjectAltName = @alt_names
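
The two `subjectAltName` values from this thread can be compared by building a throwaway certificate with each and reading back the SAN list that ends up in it. This is an added example, not part of the original posts or of VMware's documentation. It assumes a self-signed test certificate with the extension section selected by `-extensions req_ext`; `san_of` is a hypothetical helper and `192.0.2.10` is a constructed address standing in for the redacted `10.x.x.x`.

```shell
#!/bin/sh
# san_of VALUE: create a throwaway self-signed certificate whose [ req_ext ]
# section holds "subjectAltName = VALUE", then print the SAN line found in
# the certificate. Prints nothing if openssl rejects the configuration.
san_of() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/san.conf" <<EOF
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no

[ req_distinguished_name ]
countryName = US
0.organizationName = My Company
commonName = vSkylineLogRead.mycompany.org

[ req_ext ]
subjectAltName = $1

[ alt_names ]
DNS.1 = vSkylineLogRead.mycompany.org
DNS.2 = vSkylineLogRead
# constructed documentation address (assumption, not from the thread)
IP.1 = 192.0.2.10
EOF
    if openssl req -new -x509 -days 1 -config "$dir/san.conf" \
            -extensions req_ext -keyout "$dir/rui.key" \
            -out "$dir/rui.crt" 2>/dev/null; then
        # The SAN values are on the line after the extension's heading.
        openssl x509 -in "$dir/rui.crt" -noout -text |
            grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
    fi
    rm -rf "$dir"
}

# The bare host name is not a valid SAN value, so no certificate is produced.
echo "subjectAltName = vSkylineLogRead : $(san_of vSkylineLogRead)"
# The @ prefix tells openssl to read every entry of the [ alt_names ] section.
echo "subjectAltName = @alt_names      : $(san_of @alt_names)"
```

Running `openssl x509 -in rui.crt -noout -text` against the installed certificate gives the same SAN listing, which shows whether the name or address typed into the browser is actually covered.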