cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1298
Views
0
Helpful
1
Replies
golly_wog
Beginner

FWSM - FQDN (alternate name) - need IP AND DNS hostname, is this supported?

Hi

On the FWSM I am trying to register a cert with a CA with an IP Address AND hostname, I can register fine using either an IP address or DNS hostname, but can't do both,

ciscoasa(config-ca-trustpoint)# fqdn test,1.1.1.1

ERROR: Invalid domain name specified.

Name labels can only contain letters, digits or hypthens.

According to RFC 2459 I should be able to add more than one...

4.2.1.7  Subject Alternative Name

   The subject alternative names extension allows additional identities
   to be bound to the subject of the certificate.  Defined options
   include an Internet electronic mail address, a DNS name, an IP
   address, and a uniform resource identifier (URI).  Other options
   exist, including completely local definitions.  Multiple name forms,
   and multiple instances of each name form, may be included.

Can anyone tell me if it's only possible to add a single alternative name?

Cheers

1 REPLY 1
Mohammad Alhyari
Cisco Employee

Hi ,

with the ASA you can't do this , please see the following :

CSCso70867    ASA doesn't support SAN attributes for the enrollment request

the ASA will allow you to add the SAN to the CSR using the FQDN , but it still doesn't support multiple SAN ,  you can consider generating the CSR outbound using some CA that allows the use of multiple SAN.

as far as i know this can't be done on the FWSM also .

regards.

Content for Community-Ad