HPE Community
Server Management - Systems Insight Manager
1821643 Members
3241 Online
109633 Solutions
New Discussion юеВ

HPSIM: Not able to create CSR with SAN extension

 
SOLVED
Go to solution
jnxno
Visitor

тАО10-12-2022 04:47 AM - last edited on тАО10-13-2022 09:44 PM by

тАО10-12-2022 04:47 AM - last edited on тАО10-13-2022 09:44 PM by

HPSIM: Not able to create CSR with SAN extension

Hi,

We are on "Systems Insight Manager 7.6.0 - Windows".

When opening the web page, it gives us certificate error. Reason is that certificate does not contain SubjectAltName. So I try to renew certificate by creating new CSR, but it does not bring with it the SAN extension. So the issued certificate still presents the error (even if it is within validity period).

Have tried some different things, like:

- Building PEM file manually, converting, importing (some variations here)

- Changing my certificate template to automatically add the host name (this way I could import the certificate, but it still gave error, because it was missing all other fields, like OU etc..)

- Creating CSR using openssl (this gave error "Error importing signed certificate: public key in reply doesn't match server's public key; ensure importing proper reply.")

None worked 100%.

Now, I am not a certificate expert, nor Insight Manager expert. So maybe I did something wrong, maybe just a little tweak is missing...

 

I hope anyone can help

Maybe I am on an old version? It was not so easy to figure out if there was a new Insight Manager version out there (but maybe I forgot my glasses)

 

Regards,
Tom

0 Kudos
Reply
2 REPLIES 2
sgunelius
Trusted Contributor

тАО10-12-2022 01:53 PM - edited тАО10-13-2022 04:44 AM

тАО10-12-2022 01:53 PM - edited тАО10-13-2022 04:44 AM

Re: HPSIM: Not able to create CSR with SAN extension

7.6 is the last release; here's the link indicating most current version and EOL dates:

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c04273185

Is there a reason you haven't shifted to OneView to monitor your server health?  I still have some older (pre-G7) with older iLO2 that can't be monitored within OneView, so SIM is still my go to there, but it seems more difficult with the support dropped for Internet Explorer, so I've been using Microsoft Edge in IE mode.

0 Kudos
Reply
jnxno
Visitor

тАО10-17-2022 11:45 PM

тАО10-17-2022 11:45 PM

Solution

Re: HPSIM: Not able to create CSR with SAN extension

Thank you for your reply!
I have relayed the OneView option to my colleagues working in this area.

 

For anyone finding this forum thread with same issue - this was my workaround/solution:

Instead of issuing certificate with a template where Subject Name were supposed to be "Supplied in request", I created a duplicate template where Subject Name will be "Build from Active Directory". Then certificate response will contain only DNS name.
To get this working I executed certreq from the server in questoin, and I used the -adminforcemachine parameter.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.