Unable to create a CSR with subject alternative names when an external CA is used.

  • 7004246
  • 20-Aug-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3.0.4
Novell Access Manager 3.1
Access Manager Support Pack 1 has been applied.

Situation

It is not possible to create a Certificate Signing Request (CSR) with subject alternative names in Novell Access Manager and have it signed by a public CA.
The option "Alternative name(s)" is only available when the local certificate authority is used.

Resolution

This problem stems from the PKI APIs, which restrict what can be populated in the alternative name field.

An enhancement request has been submitted to add this option in a future release.

The following workaround can be used:
Use openssl on the IDP to generate the CSR directly and have it signed by the CA.
After importing the signed certificate there, export it in PKCS#12 format and import that into Access Manager.
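
The openssl steps of the workaround as shell functions. This is an added example, not part of the original document or of Novell's tooling; the function names, file names (idp.key, idp.csr, san.cnf) and host names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Host names passed to these functions are placeholders.

# write_san_config CN SAN...: print an openssl req config that puts
# every SAN argument into the subjectAltName request extension.
write_san_config() {
    cn=$1; shift
    cat <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req
[ dn ]
CN = $cn
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
EOF
    i=1
    for name in "$@"; do
        echo "DNS.$i = $name"
        i=$((i + 1))
    done
}

# make_csr DIR CN SAN...: create DIR/idp.key and DIR/idp.csr.
# The key is written unencrypted (-nodes), so umask keeps it owner-only.
make_csr() {
    dir=$1; shift
    write_san_config "$@" > "$dir/san.cnf" || return 1
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -config "$dir/san.cnf" \
          -keyout "$dir/idp.key" -out "$dir/idp.csr" )
}

# csr_sans CSR: print the SAN line of a CSR, to verify it before submission.
csr_sans() {
    openssl req -in "$1" -noout -text | grep 'DNS:'
}

# make_p12 KEY SIGNED_CERT CA_CHAIN OUT: bundle key, signed certificate and
# CA chain into a PKCS#12 file; openssl prompts for the export password.
make_p12() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" -out "$4"
}
```

Inspect the certificate returned by the CA with `openssl x509 -noout -text` before building the PKCS#12 file, since the CA may drop or change the requested names.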

Additional Information

In any case, whether the request for the subject alternative name is accepted depends on the Certificate Authority's policy.