Internal certificates and Subject Alternative Names problem still exists?

[opnsense_user12123]

Could it be, that this Problem using alternative names still exists ?
I tried this Feature with no luck!
Should be solved - really ?

original posting:
https://forum.opnsense.org/index.php?topic=1160.msg3172#msg3172

[franco]

If you ask this way I'm inclined to say yes... There was, however, a bug in 17.7.9 that briefly prevented SAN due to an incompatibility with PHP 7.1 that was subsequently fixed.

So... what version are you on, what issue are you seeing?


Cheers,
Franco

[opnsense_user12123]

The latest version avaible. 17.7.10

[opnsense_user12123]

The problem is that alternative names will not be accepted. Of course you can create the certificate without any problem and export it But then , after importing the certificate On the server the web browser does not accept any of the values I had entered before for the alternative names.
Ip, Uri, DNS.its all the same problem. So I can’t browse the server with any value.

It’s very difficult to describe and my English is not so well but there is a real problem with the alternative names for sure.

[opnsense_user12123]

i got the solution on this!

i had to enable "Log SNI information only".

what does this setting exactly do ?
Is it wrong to enable this feature ?
Does it have any disadvantages ?