Re: Add Ip address on CUCM SAN certificate

nicanor00 · ‎04-26-2021

Hi

I have CUCM 12.5 and my CA

For internal purpose, I need to add IP address as SAN on the certificat

How can I do it ?

Nithin Eluvathingal · ‎04-26-2021

You can add the IP address in CN field.

output of csr decoder(online tools) to see the csr details

On CUCM while generating csr I added common name As ip address

nicanor00 · ‎04-26-2021

Hi and thanks for your answer

It look like we dont have the same interface, anyway we have the same menu

I need to generate CSR for : tomcat, call manager and IPsec

I have CUCM and IM&P (suscriber and publicher on each)

the CUCM name is ABCD.tomato.com

the domain name is tomato.com

The ip adress of the CUCM is 192.168.0.1

My CA accept only one unique common name, so it can not accept 2 CSR with the same common name

When I put ip adress of the CUCM in the SAN, it doenst accept

I my situation, Please how Can I add ip adress in the SAN ?

Thanks

Nithin Eluvathingal · ‎04-26-2021

We both have same interface. Add the IP in common name and add FQDN on SAN

VON CLAWSON · ‎04-27-2021

Great answer by Nithin above. Just remember that you can add more than one SAN separated by a comma. So if your Signing Authority returns the Certificate with the top level domain or www on the front(GoDaddy), you can add more SAN's in that field.

Please rate if this helps.

nicanor00 · ‎04-28-2021

Hi all

Thanks for your answer

I need to generate 3 CSR : tomcat, ipsec and call manager

My CA cannot accept 2 CSR with the same common name (same cucm ip adress) for all those 3 CSR

So please how can I manage it ?

Nithin Eluvathingal · ‎04-28-2021

I never seen such an issue that My CA cannot accept 2 CSR with the same common name. I have renewed CSR for all the services you mentioned, and my server team was able to sign it using Microsoft CA for all individual CSR.

Vinod16 · ‎05-01-2022

@Nithin Eluvathingal Hi nithin,

I am adding IP in CN and IN SAN - parent domain ( domain , FQDN cucm) but getting error while generating Cert.

Invalid Parent Domain. Please use a standard domain format.

CUCM 12.5

b.winter · ‎05-02-2022

You cannot enter an IP address in the field parent domain as a SAN entry. As already written by @Nithin Eluvathingal

Nithin Eluvathingal · ‎05-03-2022

You cant add the IP on the parent domain.

NggTgg316 · ‎09-19-2022

Like I'm also having the same problem. I also tried to create a CSR with Distribution as "Multi-server" but don't know how to add IP addresses to the SAN field. Can you share with me how to do it properly, please?

b.winter · ‎09-19-2022

If you would read carefully, then your question would be unnecessary:
"You cannot enter an IP address in the field parent domain as a SAN entry."

Roger Kallberg · ‎09-19-2022

As @b.winter and @Nithin Eluvathingal already have written you cannot add IP addresses to the CSR. It is not intended to work as it is not a proper thing to do in a certificate. It should only contain FQDNs and DNS domains.