App Control: Using the Subject Alternative Name Field When Generating a Certificate

Environment

  • App Control Console: All Supported Versions

Objective

How to use the Subject Alternative Name (SAN) field when generating a new certificate for use in the App Control Console.


Resolution

 
  • The Subject Alternative Name (SAN) must contain the current App Control Server Address (System Configuration > General tab) and any previously used FQDN/CNAME records
  • Both the current name of the server and any alternative or previously used names should be listed as shown:
    Subject Alternative Name: DNS=newserver.domain.com,DNS=oldserver.domain.com
    
  • The SAN can also contain an IP Address, or a wildcard:
    Subject Alternative Name: DNS=appcontrol.domain.com,DNS=*.domain.com,IP=10.0.8.123
    

Additional Notes

  • If a Wildcard is used in the Common Name, the current Server Address (System Configuration > General) must be included in the SAN:
    Common Name: *.domain.com
    
    Subject Alternative Name: DNS=appcontrol.domain.com,DNS=*.domain.com
    
  • RFC 2818 states that the Common Name in the Subject field of the certificate must be included in the Subject Alternative Name.
  • If the certificate contains any DNS entry in the SAN, the Agent will require one entry to match the Server Address.
  • If the certificate contains no SAN entries, the Common Name and the Server Address must match.
  • Failure to properly format the Server Certificate could cause communication failures between the Agent and the Server, or other errors.
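
The naming rules above can be checked before a certificate is installed. The following is an added example, not code from the vendor or the product: the function names are hypothetical, the SAN string uses this article's `DNS=...,IP=...` notation, and it assumes names are compared exactly and case-insensitively, so a wildcard entry alone does not count as listing the Server Address.

```python
import ipaddress

def parse_san(san):
    """Parse 'DNS=a,DNS=b,IP=c' (this article's notation) into (type, value) pairs."""
    entries = []
    for item in filter(None, (p.strip() for p in san.split(","))):
        kind, sep, value = item.partition("=")
        kind, value = kind.strip().upper(), value.strip()
        if not sep or kind not in ("DNS", "IP") or not value:
            raise ValueError(f"malformed SAN entry: {item!r}")
        if kind == "IP":
            value = str(ipaddress.ip_address(value))  # ValueError on a bad address
        else:
            value = value.lower().rstrip(".")
        entries.append((kind, value))
    return entries

def _norm(name):
    """Normalise a host name or IP literal so comparisons are consistent."""
    try:
        return str(ipaddress.ip_address(name.strip()))
    except ValueError:
        return name.strip().lower().rstrip(".")

def check_certificate(common_name, san, server_address, previous_names=()):
    """Return a list of findings; an empty list means the names follow the rules above."""
    findings = []
    values = {v for _, v in parse_san(san)}
    server, cn = _norm(server_address), _norm(common_name)
    if not values:
        # No SAN entries: the Common Name itself must match the Server Address.
        if cn != server:
            findings.append("no SAN entries and Common Name does not match Server Address")
        return findings
    if server not in values:
        findings.append(f"Server Address {server} is not listed in the SAN")
    if cn not in values:
        findings.append(f"Common Name {cn} is not listed in the SAN")
    for old in map(_norm, previous_names):
        if old not in values:
            findings.append(f"previously used name {old} is not listed in the SAN")
    return findings
```
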

Creation Date: 11-26-2018