In FortiOS 5.2, certificate signing requests (CSRs) can contain multiple Subject Alternative Names (SANs).
In the GUI, the Subject Alternative Name text field does not allow multiple (comma-separated) entries, and the field itself is limited to 60 characters. Given that each SAN entry also needs its own identifier, this limit can easily be overcome through the CLI.
Example:
Command Syntax
execute vpn certificate [store] generate [encryption_method] [cert_name] [key_size] [CN] [Country] [State/Province] [Org] [City] [OU] [email] [SANs – optional]
Command Options
store: ca, crl, local, remote
encryption_method: rsa, ec
cert_name: Name for Certificate, purely meant as an identifier
key_size: Key Encryption Size, Options are 1024, 1536, and 2048
CN: Common Name, the name the certificate is signed for
Country: Country name or Country Code
State/Province: State or Province Name
Org: Organization Name
City: City Name
OU: Organizational Unit, similar to Directories in a Directory Service
email: Email address for IT Contact
SANs: Other accepted names, should include CN if CN is to be accepted
SAN Syntax
Email: email:[email protected]
IP Address: IP:1.1.1.1
URL: URI:http://companyname.com
DNS Name: DNS:www.companyname.com
execute vpn certificate local generate test_cert 2048 companyname.com CA Ontario Ottawa IT,Certificates [email protected] DNS:companyname.com,DNS:www.companyname.com,DNS:vpn.jason.com
Certificate Name: test_cert
Key Size: 2048
CN: companyname.com
Country: CA (Canada)
State/Province: Ontario
City: Ottawa
OU: > IT > Certificates
Email: [email protected]
SANs:
>DNS Name=companyname.com
>DNS Name=www.companyname.com
>DNS Name=vpn.companyname.com
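
The following helper is an added example, not Fortinet code and not part of the original page: it builds the comma-separated SAN argument from a list of names using the identifiers in the SAN Syntax list, puts the CN first so the CN is also accepted, and reports whether the result would have fit in the 60-character GUI field. The function names, the automatic type detection and the lowercasing of DNS names are assumptions made for this illustration.

```python
import ipaddress

GUI_FIELD_LIMIT = 60  # character limit of the GUI SAN field, as stated above


def san_entry(value):
    """Prefix one name with its SAN type identifier (email:, IP:, URI:, DNS:)."""
    value = value.strip()
    if not value or any(c.isspace() or c == "," for c in value):
        # A comma or whitespace would split the entry or the CLI argument.
        raise ValueError(f"invalid SAN value: {value!r}")
    try:
        return "IP:" + str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP address, try the other types
    if "://" in value:
        return "URI:" + value
    if "@" in value:
        return "email:" + value
    # Assumption: DNS names are normalised to lowercase (they are case-insensitive).
    return "DNS:" + value.lower()


def build_san_argument(cn, names):
    """Return (san_string, fits_gui): CN listed first, duplicates dropped."""
    entries = []
    for name in [cn, *names]:
        entry = san_entry(name)
        if entry not in entries:
            entries.append(entry)
    san = ",".join(entries)
    return san, len(san) <= GUI_FIELD_LIMIT


if __name__ == "__main__":
    # Constructed sample input, reusing the host names from the example above.
    san, fits_gui = build_san_argument(
        "companyname.com",
        ["www.companyname.com", "vpn.companyname.com", "1.1.1.1"],
    )
    print(san)
    print("fits GUI field:", fits_gui, f"({len(san)} characters)")
```

The returned string is what goes in the last ([SANs – optional]) position of the generate command.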