Saturday, January 28, 2017

Attempting to generate a certificate request (CSR) on the Avaya Session Border Controller for Enterprise fails with the error: “The Subject Alt name field can not be empty.” or “Subject Alt Name is not properly formatted. See here for more information.”

Problem

You attempt to create a CSR on Avaya Session Border Controller for Enterprise 6.3 000-19-4338:

image

image

image

… but notice that you are unable to generate the CSR if the Subject Alt Name is left blank:

The Subject Alt name field can not be empty.

image

Attempting to fill it in with the Common Name fails with:

Subject Alt Name is not properly formatted. See here for more information.

image

Solution

The reason why the above 2 errors are thrown is because the entry is not supposed to be the FQDN as most Windows administrators are used to but rather an IP address and SIP domain.  The Avaya Session Border Controller should have 2 interfaces, 1 for internal and 1 for external so depending which interface this CSR is for, the format should either be:

IP:1.1.1.1,DNS:external.domain.com

… or:

IP:10.1.1.1,DNS:internal.domain.com

**Note that the certificate for the public interface should be have the public address accessible from the internet and not the internal NAT address.

The CSR should complete once this has been corrected:

image

image

1 comment:

john sun said...

Good article.
I got the same problem “Subject Alt Name is not properly formatted. See here for more information.”"
it is surprised ,Avaya requires to use interface IP address and DNS in the "Subject Alt Name".
Good news, it must be able to apply multiple certs on each interfac