Plantronics + Polycom. Now together as Poly Logo

HDX 7000 certificate problem

Highlighted
Occasional Visitor

HDX 7000 certificate problem

Hi,

I tried to create and install a certificate to my HDX 7000 (version 3.1.9).


If I create a CSR under

Admin
- Security
 - Certificate

then download the CSR-file and upload this on our PKI-Site I got and
error message saying:


"Your request contains domain-names with non public top-level-domains or
reservered IP-adresses. This is forbidden."


This is because the CSR generated by the HDX-7000 device includes all
the following alternative names:

1. the FQDN ("myname.subdomain.tld"): This is what we expect.
2. the IP-Adress ("x.x.x.x"): This is suboptimal, but ok.
3. the single hostname ("myname"): This is forbidden by most global CAs!

So our CA refuses to sign the generated CSR because of 3.

Any chance we can generate a CSR without the single hostname as an
alternative name?

Uploading a certificate generated from a self-gernerated CSR won't work
because that certificate will not be used by the device for any of its
services.

 

Any helped appreciated

 

Best regards

Michael

Message 1 of 3
2 REPLIES 2
Highlighted
Polycom Employee & Moderator

Re: HDX 7000 certificate problem

If you are under a current service contract please open a report on this issue.

 

As a work around you can try:  The only solution currently is to edit the CSR offline to remove the hostname SAN field prior to signing. 

Message 2 of 3
Highlighted
Occasional Visitor

Re: HDX 7000 certificate problem

Hi,

 

thanks for your reply!

 

Can you please explain how to edit a CSR _before_ signing? As far as I know, this is forbidden :-(

 

Best regards

Michael

 

 

Message 3 of 3