Microsoft Virtualization Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft Virtualization Discussions

Ask a Question

PowerShell New-NcSecurityCertificateCsr Cmdlet does not support Subject Alternate Name parameters

bachman
NetApp
‎2022-06-28 12:57 PM
1,652 Views

PowerShell Toolkit 9.10.1.2111

 

Recently assisting a customer with an issue around PowerShell scripting of creation and installation of signed certificates. Customer was able to create the certificate signing request (CSR), submit it to the Certificate Authority (CA) and process it to install the signed certificate on the ONTAP cluster..

 

Issue occurs due to what appears to be a shortfall in the New-NcSecurityCertificateCsr cmdlet. The cmdlet does not allow submitting Subject Alternate Name (SAN) parameters to the CA for inclusion in the signed certificate. This is found to cause a certificate validation error in System Manager.

 

Creating the CSR from the command line allows submitting these parameters which are not supported by the New-NcSecurityCertificateCsr cmdlet:

  • -dns-name
  • -ipaddr
  • -uri
  • -rfc822-name

The solution to the issue for the customer is to include the -dns-name and -ipaddr parameters, which he cannot do using the PowerShell cmdlet.

 

Please advise if these can be added to this PowerShell cmdlet.

 

1 REPLY 1

jamesfort89
‎2022-07-20 09:19 AM
1,276 Views

I am the customer referred to in this post.  To add a bit of info on this:

 

This particular cmdlet is relying on an older ZAPI call, which does not have this capability in it.  The newer REST API call has this capability when I look at the documentation.

0 Kudos
All Community Forums
Public