Recently assisting a customer with an issue around PowerShell scripting of creation and installation of signed certificates. Customer was able to create the certificate signing request (CSR), submit it to the Certificate Authority (CA) and process it to install the signed certificate on the ONTAP cluster..
Issue occurs due to what appears to be a shortfall in the New-NcSecurityCertificateCsr cmdlet. The cmdlet does not allow submitting Subject Alternate Name (SAN) parameters to the CA for inclusion in the signed certificate. This is found to cause a certificate validation error in System Manager.
Creating the CSR from the command line allows submitting these parameters which are not supported by the New-NcSecurityCertificateCsr cmdlet:
The solution to the issue for the customer is to include the -dns-name and -ipaddr parameters, which he cannot do using the PowerShell cmdlet.
Please advise if these can be added to this PowerShell cmdlet.