Microsoft Virtualization Discussions

PowerShell New-NcSecurityCertificateCsr Cmdlet does not support Subject Alternate Name parameters

bachman
1,262 Views

PowerShell Toolkit 9.10.1.2111

 

Recently assisting a customer with an issue around PowerShell scripting of creation and installation of signed certificates. Customer was able to create the certificate signing request (CSR), submit it to the Certificate Authority (CA) and process it to install the signed certificate on the ONTAP cluster..

 

Issue occurs due to what appears to be a shortfall in the New-NcSecurityCertificateCsr cmdlet. The cmdlet does not allow submitting Subject Alternate Name (SAN) parameters to the CA for inclusion in the signed certificate. This is found to cause a certificate validation error in System Manager.

 

Creating the CSR from the command line allows submitting these parameters which are not supported by the New-NcSecurityCertificateCsr cmdlet:

  • -dns-name
  • -ipaddr
  • -uri
  • -rfc822-name

The solution to the issue for the customer is to include the -dns-name and -ipaddr parameters, which he cannot do using the PowerShell cmdlet.

 

Please advise if these can be added to this PowerShell cmdlet.

 

1 REPLY 1

jamesfort89
890 Views

I am the customer referred to in this post.  To add a bit of info on this:

 

This particular cmdlet is relying on an older ZAPI call, which does not have this capability in it.  The newer REST API call has this capability when I look at the documentation.

Public