FortiOS’e 5.2, Sertifika imzalamada CSR istekleri birden çok Subject Alternative Name içerebilir.
GUI üzerinden , Subject Alternative Name metin alanı (virgülle ayrılmış) birden çok öğe girilmesine izin vermez, metin alanının kendisi 60 karakter sınırı vardır. SAN ayrıca girilen her bir tanıtıcı ihtiyacı göz önüne alındığında, bu limit kolaylıkla CLI üzerinden aşılabilir.
Örnek:
execute vpn certificate [store] generate [encryption_method] [cert_name] [key_size] [CN] [Country] [State/Province] [Org] [City] [OU] [email] [SANs - optional]
Command Options
store: ca, crl, local, remote
encryption_method: rsa, ec
cert_name: Name for Certificate, purely meant as an indentifier
key_Size: Key Encyrption Size, Options are 1024, 1536, and 2048
CN: Common Name, the name the certificate is signed for
Country: Country name or Country Code
State/Province: State or Province Name
Org: Organization Name
City: City Name
OU: Organizational Unit, similar to Directories in a Directory Service
email: Email address for IT Contact
SANS: Other accepted names, should include CN if CN is to be accepted
SAN Syntax
Email: email:admin@companyname.com
IP Address: IP:1.1.1.1
URL: URI:http://companyname.com
DNS Name: DNS:www.companyname.com
execute vpn certificate local generate test_cert 2048 companyname.com CA Ontario Ottawa IT,Certificates admin@companyname.com DNS:companyname.com,DNS:www.companyname.com,DNS:vpn.jason.com
Certificate Name: test_cert
Key Size: 2048
CN: companyname.com
Country: CA (Canada)
State/Province: Ontario
City: Ottawa
OU: <root> > IT > Certificates
Email: admin@companyname.com
SANS:
>DNS Name=companyname.com
>DNS Name=www.companyname.com
>DNS Name=vpn.companyname.com
2,940 total views, 2 views today