Adding an allowed SANs list
See below for adding a list of allowed Subject Alternative Names (SANs).
To create an allowed SANs list:
- Follow the steps described in Accessing your partitions to log into the PKIaaS interface as a user with any of these roles:
- Click Certificate Authorities in the sidebar and select the Allowed SANs tab.
- Select Add > Allowed SANs list.
- Configure the following list settings.
- Click Add.
- Add the new list to an issuing subordinate authority.
  - On authority creation, as explained in Creating an issuing subordinate authority.
  - After authority creation, as explained in Selecting allowed SAN lists.
Allowed SANs List
The unique identifier of the new list.
Hostnames
The DNS hostnames allowed by the list. For each hostname, select the corresponding match.
| Match | Pattern | Matches |
|---|---|---|
| Exact match | example.com | example.com |
| Exact match and subdomains | example.com, *.example.com | example.com, www.example.com, api.example.com, sub.api.example.com |
| Match subdomains only | *.example.com | www.example.com, api.example.com, sub.api.example.com |
Networks
The allowed IPv4 and IPv6 network ranges, in CIDR (Classless Inter-Domain Routing) notation.
<IP address>/<prefix length>
See below for sample values.
| Network | Allowed IPs |
|---|---|
| 192.168.1.0/24 | IPs from 192.168.1.0 to 192.168.1.255 |
| 10.0.0.5/32 | A single IP address |
| 2001:db8::/32 | An IPv6 network |
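The following added example (not Entrust code) shows how a pre-submission check could test requested SANs against a list built from the Hostnames and Networks settings above. The function and constant names are hypothetical, and case-insensitive hostname comparison is an assumption; subdomain matching follows the table, where `*.example.com` also covers `sub.api.example.com`.

```python
import ipaddress

# Match modes named after the Hostnames table; constant names are hypothetical.
EXACT, EXACT_AND_SUB, SUB_ONLY = "exact", "exact+subdomains", "subdomains"

def hostname_allowed(name, rules):
    """rules: list of (base_domain, mode). Subdomains match at any depth,
    as in the table (sub.api.example.com matches *.example.com)."""
    name = name.lower().rstrip(".")  # assumption: case-insensitive comparison
    for base, mode in rules:
        base = base.lower().rstrip(".")
        is_exact = name == base
        # Require a label boundary so "badexample.com" never matches "example.com".
        is_sub = name.endswith("." + base) and len(name) > len(base) + 1
        if ((mode == EXACT and is_exact)
                or (mode == EXACT_AND_SUB and (is_exact or is_sub))
                or (mode == SUB_ONLY and is_sub)):
            return True
    return False

def ip_allowed(addr, networks):
    """networks: CIDR strings. An unparsable address is rejected, not ignored."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    for cidr in networks:
        # Default strict parsing raises ValueError if host bits are set in the
        # CIDR, which surfaces a mistyped list entry instead of widening it.
        net = ipaddress.ip_network(cidr)
        if ip.version == net.version and ip in net:
            return True
    return False

def rejected_sans(dns_names, ip_addrs, hostname_rules, networks):
    """Return every requested SAN that the allowed list does not cover."""
    bad = [n for n in dns_names if not hostname_allowed(n, hostname_rules)]
    bad += [a for a in ip_addrs if not ip_allowed(a, networks)]
    return bad

if __name__ == "__main__":
    # Constructed sample request, checked against the sample values above.
    rules = [("example.com", SUB_ONLY)]
    nets = ["192.168.1.0/24", "10.0.0.5/32", "2001:db8::/32"]
    print(rejected_sans(["www.example.com", "example.com", "badexample.com"],
                        ["192.168.1.77", "10.0.0.6"], rules, nets))
```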