AlftechCZ
New Contributor II

LetsEncrypt multi-SAN certificate (multi-Subject Alternative Names)

Hello,

How can I solve multi-Subject Alternative Names in a LetsEncrypt certificate in FortiWeb? There is no way to insert more than one DNS name in a LetsEncrypt certificate.

We have a website with 15+ DNS alternative names.

Thank you for your reply.

jintrah_FTNT
Staff

Hi,

Do you mean that the certificate cannot contain 15+ alternative names? If so, this should be checked with some root CA other than LetsEncrypt and not on FortiWeb, if they can provide such a certificate with many alternate names.

But if you already have the required certificate with multiple SANs, we could check on adding the required domains to FortiWeb.

 

Best regards,

Jin

AlftechCZ

Hello,

My question is where to set alternate names when I create a LetsEncrypt certificate in the FortiWeb GUI.

There is just one DNS name in the create dialog.

Best regards

Ales

jintrah_FTNT

Hi Ales,

 

Are you referring to generating a CSR?

 

Best regards,

Jin

AlftechCZ
New Contributor II

How do I set multiple domains in the creation dialog? See the picture below.

Certbot, WinAcme and all other bots can request multi-Subject Alternative Names LetsEncrypt certificates.

FortiWeb can't do this?

 

AlftechCZ_0-1650528224358.png

A certificate that has alternate names like this:

AlftechCZ_0-1650529985781.png

 

 

jintrah_FTNT

Hi,

 

Thanks for the attachment. I believe you could enter different domains separated by commas.

 

Best regards,

Jin

AlftechCZ
New Contributor II

Hi,

 

BTW is this noted somewhere in documentation for FortiWeb?

 

best regards,

Ales

 

jintrah_FTNT

Hi,

 

I do not know if there is a doc that could note all custom requirements and possibilities.

 

best regards,

Jin

 

 

AlftechCZ
New Contributor II

Hi,

 

Comma-separated and semicolon-separated DNS names are not supported!

 

Let's Encrypt failed to issue certificate due to error. type: urn:ietf:params:acme:error:rejectedIdentifier, detail: Error creating new order :: Cannot issue for Domain name contains an invalid character

jintrah_FTNT

Hi,

 

It appears that SAN is not a supported option then. You may want to add one LetsEncrypt certificate for each domain and later add these certificates as SNI certificate members. I would suggest opening a FortiCare ticket to confirm and gain the needed assistance.

 

Best regards,

Jin
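
Added example (not part of the thread and not FortiWeb code): in ACME (RFC 8555) a multi-SAN order carries one `identifiers` entry per DNS name, so a comma-joined string submitted as a single value fails name validation, which is consistent with the `rejectedIdentifier` error quoted above. The Python below splits such a field into a valid newOrder payload. The function names, the `example.com` hosts and the character check (a simplified stand-in for the CA's own validation) are assumptions of this example, and that FortiWeb sent the field as one identifier is also an assumption.

```python
import re

# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
MAX_NAMES = 100  # assumption: Let's Encrypt's limit on names per certificate


def invalid_reason(name):
    """Return why `name` cannot be ONE ACME dns identifier, or None if well-formed."""
    name = name.lower()
    if len(name) > 253:
        return "name longer than 253 characters"
    labels = name.split(".")
    if labels[0] == "*":  # a wildcard is only allowed as the leftmost label
        labels = labels[1:]
    if len(labels) < 2:
        return "not a fully qualified name"
    for label in labels:
        if not LABEL.fullmatch(label):
            return "invalid label %r" % label
    return None


def build_new_order(raw_field):
    """Split a comma/semicolon/space separated field into a newOrder payload."""
    names = []
    for part in re.split(r"[,;\s]+", raw_field.strip().lower()):
        if part and part not in names:  # drop empties and duplicates
            names.append(part)
    if not names:
        raise ValueError("no DNS names given")
    if len(names) > MAX_NAMES:
        raise ValueError("too many names for one certificate")
    for name in names:
        reason = invalid_reason(name)
        if reason:
            raise ValueError("%s: %s" % (name, reason))
    # RFC 8555 section 7.4: one identifier object per name, never a joined string.
    return {"identifiers": [{"type": "dns", "value": n} for n in names]}


if __name__ == "__main__":
    field = "www.example.com, shop.example.com;api.example.com"  # constructed input
    print(invalid_reason(field))   # why the joined string fails as one identifier
    print(build_new_order(field))  # the payload a multi-SAN order needs
```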
