Based on a conversation or two I had with folks from IBM at the Common Annual Meeting and Spring Conference, I DO know that DCM is getting some attention. I asked that the API for generating a CSR be exposed and an API to call to import the resulting certificate from a a third party would be created/exposed so integration with LetsEncrypt could be easier. Adding the SAN would be a reasonable request.

I didn't hear the exact mention for getting those requests into IBM but an RFE wouldn't be a bad idea.

Pete Helgren
GIAC Secure Software Programmer-Java
Twitter - Sys_i_Geek IBM_i_Geek

On 5/15/2017 12:46 PM, Dan Lanza wrote:
Hi Keith,

We encountered the same issue with v58 using DCM generated certs. The way we addressed the issue was by creating the CSR on a Linux machine and then importing the cert to DCM. It's tricky because the only way (AFAIK) is to create a configuration file to base the CSR off of. The typical CLI procedure alone wouldn't do it.

An outline of this process can be found here:
While not the most difficult work around, this may be a sign DCM needs an update. Google is just enforcing a nearly 20 year old RFC and there is no way (AFAIK) to add a SAN using DCM alone.

Dan Lanza

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.