tanr
New Member
September 12, 2018
Question

Create Local Services Certificate with IP SAN?


Hi All,

FortiAuthenticator on 5.3.1. Trying to create (not sign) certificates in End Entities > Local Services that need Subject Alternative Name set to an IP. However, the GUI only gives me options to create SAN entries for Email, User Principal Name (UPN), URI, or DNS.

Anybody know of a way to create a cert on the FAC with an IP SAN entry?

Thanks.

    1 reply

    xsilver_FTNT
    Staff
    September 13, 2018

    No way to create AFAIK.

    If the cert is for a device with an IP, like a FortiGate, then what about CN=IP?

    tanr
    Author
    New Member
    September 13, 2018

    I've specified CN=IP when creating the cert, but that isn't sufficient for browsers.

    Chrome will still show it as invalid unless you have SAN=IP:1.2.3.4.

    I guess I can create it in OpenSSL and import it, but it seems like the FAC should just let you enter the SAN values raw. Maybe time for a feature request.

    tanr
    Author
    New Member
    September 13, 2018

    You know, since the FortiGate allows you to create a CSR with raw SAN text, the FortiAuthenticator, as a CA, should really be able to match it.
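
The OpenSSL workaround mentioned in the replies above, as an added example that is not part of the original thread or of Fortinet's documentation: it issues a certificate carrying an IP subjectAltName from a throwaway test CA. The CA name, the output directory layout and 1.2.3.4 are assumptions, and importing the result into FortiAuthenticator is not shown.

```shell
#!/bin/sh
# Added example: certificate with an IP address in subjectAltName, built with
# OpenSSL. The CA here is a throwaway stand-in; 1.2.3.4 is a placeholder.

# make_ip_san_cert IP OUTDIR -> writes ca.crt, server.key, server.csr, server.crt
make_ip_san_cert() (
    ip="$1"; out="$2"
    umask 077                       # keep private keys unreadable by others
    mkdir -p "$out" || exit 1

    cat > "$out/san.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = v3_san
prompt = no
[dn]
CN = $ip
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_san]
subjectAltName = IP:$ip
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF

    # Throwaway test CA (hypothetical name), valid 30 days.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$out/san.cnf" \
        -subj "/CN=Example Test CA" -extensions v3_ca \
        -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || exit 1

    # Device key and CSR; the CSR requests the IP SAN via req_extensions.
    openssl req -new -newkey rsa:2048 -nodes -config "$out/san.cnf" \
        -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null || exit 1

    # "x509 -req" does not copy extensions from the CSR by default, so the
    # SAN section is named again at signing time.
    openssl x509 -req -in "$out/server.csr" -CA "$out/ca.crt" \
        -CAkey "$out/ca.key" -CAcreateserial -days 30 -sha256 \
        -extfile "$out/san.cnf" -extensions v3_san \
        -out "$out/server.crt" 2>/dev/null || exit 1
)

# cert_san FILE -> prints the SAN value, e.g. "IP Address:1.2.3.4"
cert_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//; s/ *$//'
}
```

Run `make_ip_san_cert 1.2.3.4 ./out` and then `cert_san ./out/server.crt` to confirm the SAN survived signing; a certificate signed without the `-extfile`/`-extensions` pair comes back with no SAN at all.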