Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
977
Views
0
Helpful
2
Replies

Problems Issuing a Certificate to CBD

Jonny Partridge
Level 1
Level 1

‎07-13-2023 07:10 AM

I'm attempting to issue a certificate to the Cisco Business Dashboard (which our company recently purchased). I filled out the CSR form included with the dashboard in the certificates section of the settings, and everything seems to go OK until I try to submit and download the CSR. I keep receiving the error message:

"Invalid certificate
( 1 ) Subject Alternative Name is forbidden in certificate"
I have the SAN formatted with the pnpserver.hostname.domain,hostname.domain, and IP address filled in on the SAN (removing any of that information from the SAN causes the CBD to throw other cert-based errors asking for that infomation). For some reason it continuously fails and for the life of me I'm not sure why as it appears as though everything is in order to me.
 
I've also attempted to manually create the CSR with the information I need in it, and I can get the cert to be issued from our CA, however it throws the same "(1) Subject Alternative Name is forbidden in certificate" error when I attempt to upload it. I feel like there's something really silly I'm missing here, but I'm at a loss as it stands. Any insight anyone could provide would be much appreciated.
0 Helpful
2 Replies 2

Jonny Partridge
Level 1
Level 1

‎07-13-2023 07:51 AM - edited ‎07-13-2023 08:16 AM

I've been sifting through logs and I've also run into this error:
2023-07-10T15:16:33.355-0300 ERROR 1618 --- [http-nio-127.0.0.1-8082-exec-9] c.c.cbd.system.cert.service.CertChecker : SAN (Hostname.domain.local) is in forbidden list

 

EDIT:
It appears that the .local suffix I'm using on our network is the issue here. Anyone know a way I can get around that limitation?

Which I'm assuming relates, I'm not sure why that would be though or where that forbidden list may exist.

Also, I've removed any unique values from the above posts. Obviously it's not called hostname.domain.local, that's just a placeholder for the actual value.

0 Helpful

Mark Fang
Cisco Employee
Cisco Employee

‎07-16-2023 08:33 PM

Hello, Jonny

What's CBD version? If it's not 2.6.1, could you please upgrade to 2.6.1 and have a try? .local is not a valid TLD so CBD did no support it prior to 2.6.1. But this limitation has been removed in 2.6.1.

0 Helpful
Customers Also Viewed These Support Documents