Info: MSCA Pool CSR does not include SAN entries

Applies To:

All versions of TPP up to 22.2



When you submit a certificate request to an MSCA Pool template in Venafi, the downloadable CSR generated for the certificate does not include the SAN entry, even though the SAN entry IS included in the certificate.

If you submit the same certificate request to any of the CA templates IN the pool, the CSR will include the SAN.



This is by design.  The SAN is submitted separately when submitting to an MSCA Pool so the CSR will not include any SAN entries.



You need to set "SAN Enabled" to "1" on each CA pool to enable SANs on your CA pools. This can only be done through the support tab, so you will need to get Venafi Support to generate you a support key to edit the setting.

Was this article helpful?
0 out of 0 found this helpful