App Control: Using the Subject Alternative Name Field When Generating a Certificate

App Control: Using the Subject Alternative Name Field When Generating a Certificate

Environment

  • App Control (Formerly CB Protection) Server: All Supported Versions

Objective

How to use the Subject Alternative Name (SAN) field when generating a new server certificate during App Control Installation or from the Console.


Resolution

When using the Subject Alternative Name (SAN) field, you need to enter both the current resolvable name of the server and any alternative names you wish to use.

For example, when checking the certificate on the System Configuration page > Security tab
If the common name is set to "new.cbserver.com", but the previous server name was "old.cbserver.com" then the SAN field needs to be updated to include both names, so that the agents can authenticate:

Subject Alternative Name:  DNS=new.cbserver.com,DNS=old.cbserver.com

If you wish to use an IP address, the syntax is:

IP=xxx.xxx.xxx.xxx,DNS=xxx.xxxx.xxx.xxxx

Additional Notes

  • DNS will also need to be set to redirect from the old FQDN to the new one.
  • Typically the SAN field is only needed if a change has been made to the hostname or the resolvable name of the server.
  • Please discuss these changes with Carbon Black Support in order to ensure your Agent machines will be able to successfully connect.

Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎11-26-2018
Views:
1367
Contributors