cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6893
Views
5
Helpful
4
Replies

Certificate issue--csr san and certificate san does not match-- error

Bar1s
Level 1
Level 1

Hi everybody, 

We have  A.CA which is root CA(self signed), B.CA 's cert signed with A.CA and client certificate(cucm) signed with B.CA but while I try to upload certificate we are getting --csr san and certificate san does not match-- error. All host names are lowercase. 

But for CMS we had same process while signing cms certificates. For root CA we conjugated two root certificate as like B.CA.cer+A.CA.cer single file.  ->> BA.cer .

#webadmin certs cms1a.key cms1a.cer BA.cer 

It worked for CMS. 

Retuning to the Cucm I uploaded A.cer and B.cer also conjugated BA.cer files as tomcat trust. Unfortunately I couldn't pass signing process. 

Any idea guys ? 

 

Regards,

Baris 

 

 

 

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

Quick question, is the CA Server reachable to from where you installing Certificate ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Bajaji,
I will say yes, but not sure.
It is necessary ? CMS did not had any issue.

Regards,
Baris.

Jaime Valencia
Cisco Employee
Cisco Employee

Does the certificate you got back from your CA has the same CN and SAN entries you submitted in the CSR?

HTH

java

if this helps, please rate

Sorry to occupy here for this issue. The tool that for the using certificate to sign was the problem.

However I had to compare CSR's SAN and signed certificates SAN values.
For CSR's SAN you can check csr with https://www.entrust.net/ssl-technical/csr-viewer.cfm online tool.
Signed cert you can check certificate basically double clicking if it is .cer extension.

Regards,
Baris.