Follow

Stratusphere: Add a SAN to SSL certificate for Chrome compatibility

Product: Stratusphere

Product Version: 6.x

Expires on: 365 days from publish date

Updated: January 30, 2020

 

Problem:

While deploying the SSL Certificate using: https://www.liquidware.com/content/pdf/documents/support/Liquidware-How-Place-Signed-SSL-Certificate-Stratusphere-Appliances.pdf

Add a Subject Alternative Name to the SSL for Chrome compatibility or Alternative Name preference inside your Stratusphere Appliances.

 

 Symptoms:

Chrome will error on SSL certificate compatibility for Subject Alternative Name missing.

When entering Alternative Names into browser or server communication, ssl error occurs on the trust for the SAN of the appliance.

Summary:

Using the following credited method to modify your SSL certificate request on any of the appliances using OpenSSL, prior to following our SSL deployment documentation:

- https://geekflare.com/san-ssl-certificate/

 

 

Solution:

The procedure provided by the documentation does not dive into the SAN creation for google requirement specifically, but you can follow this document to create a custom csr with the san specified manually using a configuration file.

  • Create a file named name.req.config using vi signed in as the root user with the following information:
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
stateOrProvinceName         = State or Province Name (full name)
localityName               = Locality Name (eg, city)
organizationName           = Organization Name (eg, company)
commonName                 = Common Name (e.g. server FQDN or YOUR name)
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1   = insert your alternate dns here
DNS.2   = insert your alternate dns here
DNS.3   = insert your alternate dns here

Note: alt_names section is the one you have to change for additional DNS.

➢ Copy the config file from the page above "Procedure to create CSR with SAN"  to notepad and edit the DNS entries, then copy the syntax to clipboard.

➢ Create the name.req.config file by using the following command:

1. vi /etc/lwl/ssl/name.req.config

2. Press the "i" key to insert.

3. Right click on mouse to paste the clipboard contents from the notepad file.

4. Press ":" then type "wq!"

 

Use these steps instead of step 5:

- Original: 5. Generate a certificate request on the Stratusphere Hub using the existing SSL Key. 

openssl req -key /etc/lwl/ssl/ssl.key.2048 -out hubcertrequest.csr -new -sha256

- Instead run this: 

openssl req -key /etc/lwl/ssl/ssl.key.2048 -config /etc/lwl/ssl/name.req.config -out hubcertrequest.csr -new -sha256


Then Proceed with the remainder of the steps in the SSL Document.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.