• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
Locked

‎05-12-2016 12:41 PM

HP Recommended

Hi,

I tried to create and install a certificate to my HDX 7000 (version 3.1.9).


If I create a CSR under

Admin
- Security
 - Certificate

then download the CSR-file and upload this on our PKI-Site I got and
error message saying:


"Your request contains domain-names with non public top-level-domains or
reservered IP-adresses. This is forbidden."


This is because the CSR generated by the HDX-7000 device includes all
the following alternative names:

1. the FQDN ("myname.subdomain.tld"): This is what we expect.
2. the IP-Adress ("x.x.x.x"): This is suboptimal, but ok.
3. the single hostname ("myname"): This is forbidden by most global CAs!

So our CA refuses to sign the generated CSR because of 3.

Any chance we can generate a CSR without the single hostname as an
alternative name?

Uploading a certificate generated from a self-gernerated CSR won't work
because that certificate will not be used by the device for any of its
services.

 

Any helped appreciated

 

Best regards

Michael

2 REPLIES 2

‎05-13-2016 11:53 AM

HP Recommended

If you are under a current service contract please open a report on this issue.

 

As a work around you can try:  The only solution currently is to edit the CSR offline to remove the hostname SAN field prior to signing. 

Was this reply helpful? Yes No

‎05-15-2016 07:20 AM

HP Recommended

Hi,

 

thanks for your reply!

 

Can you please explain how to edit a CSR _before_ signing? As far as I know, this is forbidden 😞

 

Best regards

Michael

 

 

Was this reply helpful? Yes No
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.

Didn't find what you were looking for? Ask the community

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.