Forum Discussion
Eklas1974_20500
Aug 25, 2015Nimbostratus
Hello,
I am getting (SSL Certificate - Signature Verification Failed Vulnerability) only for the cert in which there are multiple subjects (Subject Alternative Name) ...this specific cert is used to multiple stage envs ( it's like a bundle)...
any idea if there is anything special I need to do for this cert to pass the scan?
- Aug 26, 2015Hi, you are using a SAN certificate as device certificate? It should not be a problem. Make sure the name used as CN is contained in the list of alternative names as well. In case it contains IP addresses the labels in the alternative names should be IP instead of DNS. For a device certificate it is very important to have both the purpose flags to act as server cert and as client cert. Does the GTM trust the signing CA? Is the certificate imported to device certs, trusted certs and to GTM server trusted certs? On weekend I can upload a script covering creation of a cert containing alternative names, being valid for 10 years, based on 2.048 bit key and copies it to all required locations. Thanks, Stephan