I tried to create and install a certificate on my HDX 7000 (version 3.1.9).
If I create a CSR under
then download the CSR file and upload it to our PKI site, I get an
error message saying:
"Your request contains domain-names with non public top-level-domains or
reservered IP-adresses. This is forbidden."
This is because the CSR generated by the HDX-7000 device includes all
the following alternative names:
1. the FQDN ("myname.subdomain.tld"): This is what we expect.
2. the IP address ("x.x.x.x"): This is suboptimal, but ok.
3. the single hostname ("myname"): This is forbidden by most global CAs!
So our CA refuses to sign the generated CSR because of 3.
Any chance we can generate a CSR without the single hostname as an
Uploading a certificate generated from a self-generated CSR won't work
because that certificate will not be used by the device for any of its
Any help appreciated
If you are under a current service contract please open a report on this issue.
As a workaround you can try: The only solution currently is to edit the CSR offline to remove the hostname SAN field prior to signing.
Thanks for your reply!
Can you please explain how to edit a CSR _before_ signing? As far as I know, this is forbidden :-(
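
A pre-submission check along the lines of the CA's error message, as an added example that is not part of the original thread and not Polycom or CA tooling: it takes the subjectAltName line as printed by `openssl req -noout -text` and flags single-label hostnames, special-use TLDs and non-global IP addresses. The function names, the short TLD list and the sample SAN line are assumptions constructed for illustration.

```python
import ipaddress

# Assumed short list of special-use TLDs; a real CA checks the full root zone.
SPECIAL_USE_TLDS = {"test", "example", "invalid", "localhost", "local", "internal"}

# Constructed sample mirroring the three SAN entries described in the post
# (FQDN, IP address, bare hostname); 8.8.8.8 stands in for a routable address.
SAMPLE_SAN = "DNS:myname.subdomain.example.org, IP Address:8.8.8.8, DNS:myname"


def check_san_entry(entry):
    """Return (entry, ok, reason) for one 'TYPE:value' SAN entry."""
    entry = entry.strip()
    kind, _, value = entry.partition(":")  # split on first ':' so IPv6 survives
    value = value.strip()
    if kind == "DNS":
        labels = value.rstrip(".").lower().split(".")
        if len(labels) < 2:
            return (entry, False, "single-label hostname")
        if labels[-1] in SPECIAL_USE_TLDS:
            return (entry, False, "non-public TLD")
        return (entry, True, "ok")
    if kind == "IP Address":
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return (entry, False, "unparsable IP address")
        if not ip.is_global:
            return (entry, False, "reserved or private IP address")
        return (entry, True, "ok")
    return (entry, False, "unsupported SAN type")


def check_san_line(san_line):
    """Check every comma-separated entry of an openssl-style SAN line."""
    return [check_san_entry(e) for e in san_line.split(",") if e.strip()]


def rejected(san_line):
    """Entries a public CA applying these rules would refuse."""
    return [entry for entry, ok, _ in check_san_line(san_line) if not ok]


if __name__ == "__main__":
    for entry, ok, reason in check_san_line(SAMPLE_SAN):
        print(("PASS" if ok else "FAIL"), entry, "-", reason)
```
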