Jump to content
Welcome to our new Citrix community!

Getting a random backslash associate in our SAN names on a cert.


Recommended Posts

We’re following the Citrix doc here: https://support.citrix.com/article/CTX232305

 

 

When utilizing the ‘Subject Alternative Name’ field in the ‘Create Certificate Signing Request’ and providing multiple DNS entries as specified in the document, we end up with an extra \ in our certificate. See below:

 

The extra \ causes the cert to not be recognized as valid, so we’d really like this to be resolved.

 

 

 

Here’s my CLI command to create the CSR, but the issue occurs both from the GUI and from the CLI.

 

create ssl certreq mediadev.csr -keyfile mediadev.key -keyform PEM -PEMPassPhrase xxxxxxx -countryName US -stateName Ohio -localityName Cincinnati -organizationName "Enterprise IT Services" -organizationUnitName Infrstructure -commonName mediadev.xxxxxxxxx.com -subjectAltName "DNS:mediadev DNS:mediadev.xxxxxx.com" -emailAddress hostmaster@resurgent.com -digestMethod SHA256

 

 

 

Test_LI.jpg

Link to comment
Share on other sites

Hi Mihai,

 

Since when has it not been okay? We have old VPXs with 11.1 code on them and were able to do that on there with them. But in the 12.1 code it randomly throws in that backslash. I also believe my sysadmin are following Carl Stahlhoods site on how to properly do that.

 

We will get it a shot but a lot of these site and the people we support are use to being able to type in that short name and i going directly to that site. It also doesn't matter if the FQDN is first, it does the same thing. I believe it has to do with something about having multiple SAN names.

 

But we will give it a shot again 

 

Thanks

Link to comment
Share on other sites

hi!

 

I only said that because your you did not use a FQDN it might throw that "/" and it might be a bug. 

I've always used FQDN , but i think you can use IP's and a short name like you said.

 

 

So , your cert i don't think it was created on the netscaler. It might have been imported because as far as i know in version 11.1 i don't think you can create a ssl cert with SubjectAltnames.

Only starting with version 12 you can add these SubjectAltnames in the cert request. i usually add them when  purchasing the signed certificate.

 

As a test you could generate that cert and import it on the Netscaler, and not have Netscaler generate it. 

 

thanks!

  • Like 1
Link to comment
Share on other sites

  • 6 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...