NSX-T Manager Certificate Creation Does Not Include IP SAN

Question

NSX-T Manager Certificate Creation Does Not Include IP SAN

lancefrench opened this issue 4 years ago · 2 comments

In nsxt-3-0-install.html.md.erb we specify a certificate configuration file and certificate generation command generates a certificate without a Subject Alternative Name despite our intention to do so.

Once we specify the openssl x509 command, the req_extensions section of our configuration, which includes the SAN, is ignored.

Answer 1 · 2021-07-01T19:31:14.000Z

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this github issue will be updated when the story is started.

Answer 2 · 2021-07-01T19:56:13.000Z

Busted as of 2da9754 I suggest copying the subjectAltName configuration under the SAN section if v3_ca is necessary per the "engineering feedback" or reverting the configuration to a previous working version.

Happy to submit a pull request if there's more context on the engineering feedback.