App Control: Using the Subject Alternative Name Field When Generating a Certificate

Environment

  • App Control Console: All Supported Versions

Objective

How to use the Subject Alternative Name (SAN) field when generating a new Certificate to be used with the App Control Console.


Resolution

  • When using the Subject Alternative Name (SAN) field, specify both the current resolvable name of the server and any alternative names. This is helpful when changing the hostname of the application server.
    Subject Alternative Name: DNS=newserver.domain.com,DNS=oldserver.domain.com
    
  • If a wildcard is used in the Common Name, the current Server Address (System Configuration > General) must be included in the SAN:
    Server Address: newserver.domain.com
    Common Name: *.domain.com
    Subject Alternative Name: DNS=newserver.domain.com
    
  • The SAN can also contain an IP address or a wildcard:
    Subject Alternative Name: DNS=*.domain.com,IP=10.0.8.123
    

Additional Notes

  • Typically, the Subject Alternative Name (SAN) is only needed if the hostname has been changed.
  • If the certificate contains a wildcard in the Common Name, the SAN must contain an entry that matches the Server Address.
  • If the certificate contains any DNS entry in the SAN, the Agent will require one entry to match the Server Address.
  • If the certificate contains no SAN entries, the Common Name and the Server Address must match.
  • Failure to properly format the Server Certificate could cause communication failures between the Agent and the Server, or other errors.
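
A pre-flight check of the matching rules listed above, as an added Python example (not vendor code and not the Agent's actual validation logic). It assumes the `DNS=...,IP=...` SAN syntax shown in this article, that a wildcard covers exactly one left-most label, and a fallback rule for IP-only SANs, which the article does not cover; the function names are hypothetical.

```python
import ipaddress

def parse_san(san):
    """Split 'DNS=a,IP=b' (the format shown in this article) into (type, value) pairs."""
    entries = []
    for part in filter(None, (p.strip() for p in san.split(","))):
        kind, sep, value = part.partition("=")
        if not sep or kind.upper() not in ("DNS", "IP") or not value.strip():
            raise ValueError(f"malformed SAN entry: {part!r}")
        entries.append((kind.upper(), value.strip().lower()))
    return entries

def dns_matches(pattern, host):
    """Case-insensitive match; assumption: '*' covers exactly one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def entry_matches(kind, value, server):
    """Compare one SAN entry with the Server Address (hostname or IP)."""
    if kind == "DNS":
        return dns_matches(value, server)
    try:
        return ipaddress.ip_address(value) == ipaddress.ip_address(server)
    except ValueError:
        return False  # Server Address is a hostname, or the IP entry is invalid

def check_certificate(common_name, san, server_address):
    """Return (ok, reason) according to the Additional Notes rules."""
    entries = parse_san(san)
    san_hit = any(entry_matches(k, v, server_address) for k, v in entries)
    if "*" in common_name:
        return san_hit, "wildcard CN: SAN must contain an entry matching the Server Address"
    if any(k == "DNS" for k, _ in entries):
        return san_hit, "SAN has DNS entries: one entry must match the Server Address"
    if not entries:
        return (common_name.lower() == server_address.lower(),
                "no SAN: Common Name must equal the Server Address")
    # IP-only SAN is not covered by the article; assumption: SAN IP or CN may match.
    return (san_hit or common_name.lower() == server_address.lower(),
            "IP-only SAN (assumed rule): SAN IP or Common Name must match")
```

The case worth noting is a Common Name that equals the Server Address combined with a SAN that lists only the old hostname: the check fails, because once any DNS entry is present the Common Name alone is no longer enough.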

Creation Date: 11-26-2018