URI Subject Alternative Names are not allowed in this role, but were provided via CSR

Hello,

I got a CSR with this content (extracted with openssl; only the relevant parts are shown):
Subject: CN=s91.server.com
Requested Extensions:
X509v3 Subject Alternative Name:
DNS:s91.server.com, DNS:s90, IP Address:192.168.105.30, URI:https://s90, URI:https://s90.server,com

But I’m getting this error message:

  • URI Subject Alternative Names are not allowed in this role, but were provided via CSR

I created a brand new role with everything allowed, but it is still not working:

$ vault write intca/roles/san allow_localhost=true allow_subdomains=true allow_bare_domains=true allow_any_name=true allow_uri_sans=true allow_ip_sans=true allow_glob_domains=true

Any hints?

Thanks
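
A pre-flight check for the error in this post, added here as an example (not code from the post or from Vault). Vault's PKI role parameter for URI SANs is `allowed_uri_sans`, a list of glob patterns, and the `vault write` line above does not set it. The SAN-line parsing, the `*`-only glob matching and the verdict strings are simplifying assumptions, and the patterns tried are constructed.

```python
import re

# The SAN line from the post, as printed by openssl (copied verbatim, comma included).
SAN_LINE = ("DNS:s91.server.com, DNS:s90, IP Address:192.168.105.30, "
            "URI:https://s90, URI:https://s90.server,com")


def parse_sans(line):
    """Split an openssl SAN line into {type: [values]}.

    Entries are split only at ", " followed by a known type tag, so a comma
    inside a value (as in the last URI above) stays part of that value.
    """
    sans = {}
    for entry in re.split(r",\s+(?=(?:DNS|IP Address|URI|email):)", line.strip()):
        kind, _, value = entry.partition(":")
        sans.setdefault(kind, []).append(value)
    return sans


def glob_match(pattern, value):
    """'*' matches any run of characters; everything else is literal.

    Assumption: this approximates the glob matching applied to allowed_uri_sans.
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def check_uri_sans(san_line, allowed_uri_sans):
    """Return (verdict, offending_uris) for a role's allowed_uri_sans list."""
    uris = parse_sans(san_line).get("URI", [])
    if not uris:
        return "ok", []
    if not allowed_uri_sans:
        # The situation in the post: the CSR requests URIs, the role lists none.
        return "not allowed in this role", uris
    bad = [u for u in uris
           if not any(glob_match(p, u) for p in allowed_uri_sans)]
    return ("not valid for this role", bad) if bad else ("ok", [])


if __name__ == "__main__":
    # Constructed pattern lists: empty (as in the post), exact, and globbed.
    for patterns in ([], ["https://s90"], ["https://s90*"]):
        print(patterns, "->", check_uri_sans(SAN_LINE, patterns))
```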