Hi Team ,
I’m trying to generate CSR on ontap system manager and I want it for Client server certification for SSL error while we open webpage, When we click on generate CSR and choosing more option I get Subject Alternative Name - in this I see URI DNS SERVER , IP Address , subject email - I was checking documents- can you please help me to understand what is URI , DNS AND IP
Can you help me with example thank you
#System manager
summer charm
fair thistle
URI would be the url, it's not required (ie, something like https://cluster-name/sysmgr/v4 )
DNS would be the DNS name, usually fqdn or short name
IP is cluster management IP, if you want it in the Subject Alternative Names
Email would be an admin email, also not required.
I put an example screenshot in one of the kbs for renewing certs in system manager, but i'll have to track that down tomorrow if you need more. my login doesn't work on my personal pc.
clever panther
For DNS I use:
Fqdn of cluster, short name of cluster, fqdn of host 1, short name of host 1, fqdn of host 2, short name of host 2
For IP, I use
Cluster mgmt ip, node 1 mgmt ip, node 2 mgmt ip
By specifying the list, the certificate will be valid on each item listed above. I can go to the fqdn or short name or IP of the cluster or any node management. Subject alternative names (SAN) fields were added in 9.9.1
Do note that some certificate authorities do not want some of the SAN (subject alternative names) and may reject the csr or will just drop what it doesn’t like and still create the certificate
fair thistle
Here is the KB with the screenshot with examples of each field:
https://kb.netapp.com/onprem/ontap/dm/System_Manager/How_to_install_or_renew_a_CA_signed_certificate_using_ONTAP_System_Manager
clever panther
Like I said though, the dns and ip fields may be a comma separated list of multiple items
summer charm
URI would be the url, it's not required (ie, something like https://cluster-name...
Thank you I will read documents
summer charm
Like I said though, the dns and ip fields may be a comma separated list of multi...
Thank you so much
summer charm
For DNS I use:
Fqdn of cluster, short name of cluster, fqdn of host 1, short nam...
I have one question do not you use URl
clever panther
I have not used the uri.
Never really had to. None of my customers certificate authority teams have made it mandatory
summer charm
Never really had to. None of my customers certificate authority teams have made ...
Thank you 🙏
summer charm
I have one question - on signing certificates our team is saying they can see the team email on SAN field not in subject field , can you guys please help me @clever panther @fair thistle
fair thistle
if you used the KB, it's one of the optional fields for SAN. The entire SAN section is optional, but we recommend filling in at least DNS and/or IP so you don't see an untrusted warning from your browsers. So if you don't want the email in the SAN field, then leave it blank. But there's no way to remove it without going through the whole signing process again.
summer charm
if you used the KB, it's one of the optional fields for SAN. The entire SAN sect...
Thank you , yes email is optional in SAN field but when not being provided SSL sign team ask to provide, what will happen if we do not provide email