Thank you for the video, it was very helpful! For anyone that doesn't want to use the FQDN you can set your CN = "servername" and in the [ alt_names ] area create 3 lines. One for FQDN, IP address, and your ServerName.
Thanks !! I just followed this but without the OpenSSL thing. FMC version 6.6+ ask you to add a SAN field and that's what I did and it worked perfectly !
Nathan why is there no way to do this from the CA console??? Is it a requirement to use the Web Portal to submit an CSR as there is no way to do it via the CA itself
There is not requirement necesarily to use web gui for CA console. There are many linux based CA's where you can use CLI for the entire process. Its all down to your particular infrastructure
Hi Nathan, I've been working on this issue with my FMC server and I tried your method with OPENSSL and I was still unable to upload the SAN certificate. I'm curious on what version you're currently running because I'm on Software v 6.2.3.15 and I'm receiving the error message of "Basic Contstrains are not critical or not defined". Any suggestions?
Arison, yes this is because the FMC looks to validate the basic constraints extension of a PKI certificate. If you open the certificate you intend to use for the FMC you will see that it is missing. In later versions of FMC this is no longer the case but for your version it is required. This was actually why I mentioned that I would make a video on how to create the pki template.... but I never did. I’ll go ahead and do that next week. That being said, to fix your issue you need to add the basic constraints extension to the certificate template before using the certificate. Reach out to me via email if you’d like assistance with this...
@@NathanStapp If I'm not mistaken can those constrains be built in the .cnf file? That way when the CSR is generated, it will inherit it. If so, then I would gladly email you for some assistance. Could you please provide that address when you have a moment?
Hi Nathan, I've sent you an email with requesting assistance. I understand you can be busy but if its possible could you possibly point me to a site that may have a tutorial on PKI certificates?
@@arisonmercado7183 Kind of, in the CNF file you can define the values for the basicConstraints, however on the PKI server template you have to have basicConstraints defined.....
Very helpful video. it turned out we are neighbors. I live in Sterling. Thank you neighbor :)
Super helpful and thorough...thanks so much. I've learned a ton of theory about PKI infrastructure but this helped me finally put it into practice.
Thank you for the video, it was very helpful! For anyone that doesn't want to use the FQDN you can set your CN = "servername" and in the [ alt_names ] area create 3 lines. One for FQDN, IP address, and your ServerName.
Thanks for this video, FMC 6.7 now includes SAN option from system configuration
Yes, you are right, things are getting better with the newer versions!
Thanks !! I just followed this but without the OpenSSL thing. FMC version 6.6+ ask you to add a SAN field and that's what I did and it worked perfectly !
Yes this video is slightly dated, I'm glad they are continuing to improve the product to make it a more seemless experience for the end user!
Nathan why is there no way to do this from the CA console??? Is it a requirement to use the Web Portal to submit an CSR as there is no way to do it via the CA itself
There is not requirement necesarily to use web gui for CA console. There are many linux based CA's where you can use CLI for the entire process. Its all down to your particular infrastructure
Hi Nathan, I've been working on this issue with my FMC server and I tried your method with OPENSSL and I was still unable to upload the SAN certificate. I'm curious on what version you're currently running because I'm on Software v 6.2.3.15 and I'm receiving the error message of "Basic Contstrains are not critical or not defined". Any suggestions?
Arison, yes this is because the FMC looks to validate the basic constraints extension of a PKI certificate. If you open the certificate you intend to use for the FMC you will see that it is missing. In later versions of FMC this is no longer the case but for your version it is required. This was actually why I mentioned that I would make a video on how to create the pki template.... but I never did. I’ll go ahead and do that next week. That being said, to fix your issue you need to add the basic constraints extension to the certificate template before using the certificate. Reach out to me via email if you’d like assistance with this...
@@NathanStapp If I'm not mistaken can those constrains be built in the .cnf file? That way when the CSR is generated, it will inherit it. If so, then I would gladly email you for some assistance. Could you please provide that address when you have a moment?
Hi Nathan, I've sent you an email with requesting assistance. I understand you can be busy but if its possible could you possibly point me to a site that may have a tutorial on PKI certificates?
@@arisonmercado7183 I went ahead and published a video how to generate the template correctly for FMC.
@@arisonmercado7183 Kind of, in the CNF file you can define the values for the basicConstraints, however on the PKI server template you have to have basicConstraints defined.....
Different takes is not authentic.