Wired Intelligent Edge

 View Only

  • 1.  2530 PKI Subject Alternative Name

    Posted Apr 10, 2019 10:46 AM

    I'm trying to setup certificates that are signed by our Active Directory Certificate Services certificate authority.  I can create the certificate and they work fine in IE/Edge howerver chrome no longer support the common name field and instead requires the Subject Alternative Name field to be populated.  I believe this part of the certificate is  provided by the switch in the request.  Is there a way to add the Subject Alternative Name?  And thus have a valid certificate.

    I'm using software version YA.15.16.0021 which was applied some time last year, (a year after google changed this setting in chrome,) however I have some brand new aruba 2530-8g switches that are just the same



  • 2.  RE: 2530 PKI Subject Alternative Name

    Posted Sep 04, 2019 06:17 PM

    Hi,

    I have understood that chrome no longer support the common name field and instead requires the Subject Alternative Name field to be populated.
    When you install a valid certificate on your switches (mostly 2530 and 2930F) have you checked whether Internet explorer is okay with the certificates and how they respond ?
    The CA should be automatically adding the CN as a SAN(Subject Alternative Name). If they’re not, you should reach out to their support.

    Thank You

    I am an HPE Employee



Related Content