Error when using Subject Alternative Names (SAN)

224 views
Skip to first unread message

Jules Webb

unread,
Mar 3, 2016, 6:14:23 PM3/3/16
to ACMESharp
Hello

I'm getting an error when I try to request and retrieve a certificate. Below is the cmd and error I got. I'm following the instructions from #7 on https://github.com/ebekker/ACMESharp/wiki/Quick-Start 


PS> New-ACMECertificate myalias -Generate -AlternativeIdentifierRefs cdn -Alias myalias-with-cdn_cert

New-ACMECertificate : Cannot bind parameter 'AlternativeIdentifierRefs'. Cannot convert the "cdn" value of type
"System.String" to type "System.Collections.Generic.IEnumerable`1[System.Object]".At line:1 char:62
+ ... -ACMECertificate myalias -Generate -AlternativeIdentifierRefs cdn -Alias  ...
+                                                               ~~~
    + CategoryInfo          : InvalidArgument: (:) [New-ACMECertificate], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,ACMESharp.POSH.NewCertificate


Since this didn't work I went ahead and created and submitted per the instructions (see example below).  These cmds were successful, but it doesn't give me coverage for cdn.mysite.com

PS> New-ACMECertificate dns1 -Generate -Alias cert1
PS> Submit-ACMECertificate cert1

Not sure what I'm doing incorrectly and would appreciate any insights!
Jules

Eugene Bekker

unread,
Mar 26, 2016, 6:36:27 AM3/26/16
to ACMESharp
The cmdlet is expecting a IEnumerable for the -AlternativeIdentifierRefs parameter, and it's interpreting the single lone value "cdn" as just a single string.  You can force it to a enumerable by either sticking a comma right in front of it or using the literal array notation in PowerShell, either of these should work:

PS> New-ACMECertificate myalias -Generate -AlternativeIdentifierRefs ,cdn -Alias myalias-with-cdn_cert

or

PS> New-ACMECertificate myalias -Generate -AlternativeIdentifierRefs @(cdn) -Alias myalias-with-cdn_cert


webm...@borntowin.net

unread,
Feb 25, 2017, 9:11:59 PM2/25/17
to ACMESharp
Thanks for this fix. I was following the Quick Start guide and got stumped here.

webm...@borntowin.net

unread,
Feb 25, 2017, 9:53:51 PM2/25/17
to ACMESharp
Actually, it seems like my alternative id didn't end up in the cert. I've got:
"AlternativeIdentifierDns : {}"
trying to load assets on the alt (a subdomain) securely gives a warning that the certificate is not for that domain.
Reply all
Reply to author
Forward
0 new messages