Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. If you like what you see, join us in person at the ninth annual Jamf Nation User Conference (JNUC) this October for three days of learning, laughter and IT love.

NetSUS SSL query

Hi.

I was hoping someone here could advise me with a NetSUS query?

I'm trying to generate a CSR to get our cert renewed. However, using the web interface it only generates a 2048-bit file, and we need a 4096-bit. I also noted that it only uses the servers CN as well, and given the recent changes to how Chrome is ceasing support of CN certs, I also need to add some SANs to the request, and I can't see a way to add them using the web interface.

Its the VM appliance version of NetSUS, running on Ubuntu 14.04. Is there a way this can be customised, or done via a command line to generate a CSR that meets our requirements?

Regards,

Ian

Like Comment
Order by:
SOLVED Posted: by Asnyder

@uoscasper You could look into using openssl https://wiki.openssl.org/index.php/Manual:Openssl(1)

Another option would be cert bot. I believe with cert bot the cert only lasts 30 days but it can be set to auto-renew.

Like
SOLVED Posted: by jelockwood

Adding SAN entries with the openssl command line is a pig. Download the free Java app XCA which acts as a front-end for openssl. This makes it much easier to both generate CSR and certs with additional settings like SAN entries.

See [https://sourceforge.net/projects/xca/](link https://sourceforge.net/projects/xca/)

You can also create templates and via that should be able to define common settings like key length.

Note: key length is the length of your private key. This is not related directly to a CSR since you will have created your private key before creating a CSR. Also renewing a cert should renew it against the same original key so if the key is already 4096 bits it should remain 4096 bits.

For what it's worth Apple's KeyChain Access utility is incapable of doing SAN entries.

Like