Sonus is investigating a problem where the SBC 1k/2k & SWe Lite generate bad multi-SAN CSRs. The issue results in the additional SANs being added to the certificate as a single SAN, comma-separated:
Clearly this is a parsing error in the CSR-generating code, but unfortunately a fix isn’t immediately apparent. Separating the SANs with a space or a comma followed by a space – or even a carriage return – still results in bad certs.
The issue has been confirmed in the 1k/2k on 5.0.0 b395, 5.0.1 b399, 6.0.0 b435, 6.1.2 b471 & 6.1.3 b474. In the SWe Lite it’s present in at least 6.1.1 b91 & 6.1.2 b104.
You’re in luck if you only want two SANs on the cert – its hostname and presumably an alias. The “Generate Sonus CSR” code is *automatically* adding the hostname as a SAN, so in the SAN field you only need to enter its alias and you’ll end up with a well-crafted cert with 2 SANs:
If for some reason you want/need more then I think you’re toast. I’ll update the post if I get a work-around from the Sonus TAC. If you have any certs expiring soon, don’t leave it too late to replace them.
24th September 2017. This is the initial post.