It's not recommended to use the Appliance for certificate management.
The recommended approach at this point in time is to use OpenSSL on a separate system as that gives a more robust way to perform certificate management.
Here are the OpenSSL commands to request a certificate:
openssl req -new -newkey rsa:2048 -keyout ./private/sha256withrsa-star-key.pem -subj "/C=US/ST=Texas/L=Austin/O=Org/OU=Unit/CN=hostname.domain.lab" -out sha256withrsa-star-req.pem -config openssl-config-file.cnf
The 'openssl-config-file.cnf' would be an OpenSSL configuration file that specifies how to create the certificate request. It's possible to pass in the SAN using a command line argument and there's a lot of material online to help with that task.
------------------------------
JACK YARBOROUGH
------------------------------
Original Message:
Sent: Tue November 29, 2022 06:14 PM
From: Petr Němec
Subject: Certificate request with SAN attribute - VA 10.0.0x
Hello,
I need to create certificate request with Subject Alternative Name (SAN) attribute.
For example, IBM Global Security Kit supports this option: -san_dns-name <name> The SAN DNS name(s) for the entry being created.
Is there any way to do this in Verify Access 10.0.x via LMI or CLI?
Thank you.
------------------------------
Petr Němec
------------------------------