Product Version: 6.x
Expires on: 365 days from publish date
Updated: January 30, 2020
While deploying the SSL Certificate using: https://www.liquidware.com/content/pdf/documents/support/Liquidware-How-Place-Signed-SSL-Certificate-Stratusphere-Appliances.pdf
Add a Subject Alternative Name to the SSL for Chrome compatibility or Alternative Name preference inside your Stratusphere Appliances.
Chrome will error on SSL certificate compatibility for Subject Alternative Name missing.
When entering Alternative Names into browser or server communication, ssl error occurs on the trust for the SAN of the appliance.
Using the following credited method to modify your SSL certificate request on any of the appliances using OpenSSL, prior to following our SSL deployment documentation:
The procedure provided by the documentation does not dive into the SAN creation for google requirement specifically, but you can follow this document to create a custom csr with the san specified manually using a configuration file.
- Create a file named name.req.config using vi signed in as the root user with the following information:
[ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) organizationName = Organization Name (eg, company) commonName = Common Name (e.g. server FQDN or YOUR name) [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = insert your alternate dns here DNS.2 = insert your alternate dns here DNS.3 = insert your alternate dns here
Note: alt_names section is the one you have to change for additional DNS.
➢ Copy the config file from the page above "Procedure to create CSR with SAN" to notepad and edit the DNS entries, then copy the syntax to clipboard.
➢ Create the name.req.config file by using the following command:
1. vi /etc/lwl/ssl/name.req.config
2. Press the "i" key to insert.
3. Right click on mouse to paste the clipboard contents from the notepad file.
4. Press ":" then type "wq!"
Use these steps instead of step 5:
- Original: 5. Generate a certificate request on the Stratusphere Hub using the existing SSL Key.
➢ openssl req -key /etc/lwl/ssl/ssl.key.2048 -out hubcertrequest.csr -new -sha256
➢ openssl req -key /etc/lwl/ssl/ssl.key.2048 -config /etc/lwl/ssl/name.req.config -out hubcertrequest.csr -new -sha256
Then Proceed with the remainder of the steps in the SSL Document.