HDX 7000 certificate problem

MichaelGraeve · ‎05-12-2016

Hi,

I tried to create and install a certificate to my HDX 7000 (version 3.1.9).

If I create a CSR under

Admin
- Security
- Certificate

then download the CSR-file and upload this on our PKI-Site I got and
error message saying:

"Your request contains domain-names with non public top-level-domains or
reservered IP-adresses. This is forbidden."

This is because the CSR generated by the HDX-7000 device includes all
the following alternative names:

1. the FQDN ("myname.subdomain.tld"): This is what we expect.
2. the IP-Adress ("x.x.x.x"): This is suboptimal, but ok.
3. the single hostname ("myname"): This is forbidden by most global CAs!

So our CA refuses to sign the generated CSR because of 3.

Any chance we can generate a CSR without the single hostname as an
alternative name?

Uploading a certificate generated from a self-gernerated CSR won't work
because that certificate will not be used by the device for any of its
services.

Any helped appreciated

Best regards

Michael

Polycom Video EP PLM · ‎05-13-2016

If you are under a current service contract please open a report on this issue.

As a work around you can try: The only solution currently is to edit the CSR offline to remove the hostname SAN field prior to signing.

MichaelGraeve · ‎05-15-2016

Hi,

thanks for your reply!

Can you please explain how to edit a CSR _before_ signing? As far as I know, this is forbidden :-(

Best regards

Michael

HDX 7000 certificate problem

HDX 7000 certificate problem

Re: HDX 7000 certificate problem

Re: HDX 7000 certificate problem