Creating Certificate Subject Alternate Names

Created On 09/26/18 13:51 PM - Last Updated 02/07/19 23:44 PM


Resolution

Details

One certificate can be used for multiple purposes using Subject Alternate Names.

  • If using a certificate for VPN there can be a DNS host entry for vpn.yourcompany.com
  • If using a certificate for Palo Alto Networks firewall GUI access there may be a DNS host entry for the name of the firewall "pan-fw01.yourcompany.com"

 

Instead of generating multiple certificates, one certificate can be generated and given multiple "Common Names".

Public Certificate Authorities support "Subject Alternate Names", and the same can be done with self-signed certificates.

 

Steps

Follow the steps below:

  1. When generating the certificate, give it a "Common Name" that will be used to resolve to a DNS host entry. In the example below, this certificate was made a private CA, but this technique can be used for generating CSRs as well. To generate the certificate, go to Devices > Certificates and click "Generate".
    CertStep1.PNG
  2. Add the "Subject Alternate Names" by going to "Certificate Attributes" and selecting "Host Name" or "IP Address":
    CertStep2.PNG
  3. Verify that the Subject Alternate Names have been added by exporting the certificate and double-clicking it to open.
    Notice that the "Subject" is still the host entry that was applied for the Common Name, but the certificate now also has "Subject Alternate Names".
    CertStep3.PNG

This will now allow safe access to different URLs using the newly generated certificate.
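A command-line version of the check in step 3, as an added example that is not part of the original article or of PAN-OS: it uses the OpenSSL command line to list every name an exported PEM certificate does not cover. The helper names `make_cert` and `missing_sans`, the IP address and the throwaway certificates are constructed for illustration; the first demo certificate shows that OpenSSL's host check ignores the Common Name once a DNS SAN is present, so the Common Name has to be listed as a SAN as well.

```shell
#!/bin/sh
# Added example: constructed names and address, throwaway self-signed certificates.

# make_cert OUT.pem SAN_LIST
# Self-signed test certificate with CN=vpn.yourcompany.com and the given SANs.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1.key" -out "$1" \
    -subj "/CN=vpn.yourcompany.com" \
    -addext "subjectAltName=$2" 2>/dev/null
}

# missing_sans CERT.pem NAME...
# Prints every NAME (DNS name or IP address) the certificate does not cover.
missing_sans() {
  cert=$1; shift
  for name in "$@"; do
    case $name in
      *:*)        flag=-checkip ;;    # IPv6 literal
      *[!0-9.]*)  flag=-checkhost ;;  # anything that is not dotted digits
      *)          flag=-checkip ;;    # IPv4 literal
    esac
    # openssl prints "... does match certificate" or "... does NOT match certificate"
    openssl x509 -in "$cert" -noout "$flag" "$name" |
      grep -q 'does match' || echo "$name"
  done
}

# Demo on constructed certificates shaped like the article's example.
tmp=$(mktemp -d)
names="vpn.yourcompany.com pan-fw01.yourcompany.com 192.0.2.10"

# Case 1: the Common Name is NOT repeated in the SAN list.
make_cert "$tmp/cn-only-in-subject.pem" "DNS:pan-fw01.yourcompany.com,IP:192.0.2.10"
openssl x509 -in "$tmp/cn-only-in-subject.pem" -noout -text |
  grep -A1 'Subject Alternative Name'
echo "not covered: $(missing_sans "$tmp/cn-only-in-subject.pem" $names)"

# Case 2: the Common Name is also listed as a SAN, so every name is covered.
make_cert "$tmp/cn-in-san.pem" \
  "DNS:vpn.yourcompany.com,DNS:pan-fw01.yourcompany.com,IP:192.0.2.10"
echo "not covered: $(missing_sans "$tmp/cn-in-san.pem" $names)"
rm -rf "$tmp"
```

For a certificate exported from the firewall in PEM format, run `missing_sans exported.pem name1 name2 ...`; empty output means every listed name is covered.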

 

owner: jperry


