Blog

Subject Alternative Name Uzun Olduğunda CLI Üzerinden CSR Oluşturma

FortiOS’e 5.2, Sertifika imzalamada CSR istekleri birden çok Subject Alternative Name  içerebilir.

GUI üzerinden , Subject Alternative Name metin alanı (virgülle ayrılmış) birden çok öğe girilmesine izin vermez, metin alanının kendisi 60 karakter sınırı vardır. SAN ayrıca girilen her bir tanıtıcı ihtiyacı göz önüne alındığında, bu limit kolaylıkla CLI üzerinden aşılabilir.

Örnek:

Command Syntax

execute vpn certificate [store] generate [encryption_method] [cert_name] [key_size] [CN] [Country] [State/Province] [Org] [City] [OU] [email] [SANs – optional]

Command Options

store: ca, crl, local, remote
encryption_method: rsa, ec
cert_name: Name for Certificate, purely meant as an indentifier
key_Size: Key Encyrption Size, Options are 1024, 1536, and 2048
CN: Common Name, the name the certificate is signed for
Country: Country name or Country Code
State/Province: State or Province Name
Org: Organization Name
City: City Name
OU: Organizational Unit, similar to Directories in a Directory Service
email: Email address for IT Contact
SANS: Other accepted names, should include CN if CN is to be accepted

SAN Syntax

Email: email:[email protected]
IP Address: IP:1.1.1.1
URL: URI:http://companyname.com
DNS Name: DNS:www.companyname.com

execute vpn certificate local generate test_cert 2048 companyname.com CA Ontario Ottawa IT,Certificates [email protected] DNS:companyname.com,DNS:www.companyname.com,DNS:vpn.jason.com

Certificate Name: test_cert
Key Size: 2048
CN: companyname.com
Country: CA (Canada)
State/Province: Ontario
City: Ottawa
OU: > IT > Certificates
Email: [email protected]
SANS:
>DNS Name=companyname.com
>DNS Name=www.companyname.com
>DNS Name=vpn.companyname.com