Plus, new certificates generated that way still give a big warning since Chrome 58-- they don't have the X509v3 SAN extension which is now mandatory apparently.
C:\> "\Program Files\Dell\SysMgt\rac5\racadm.exe" -r dracname.dom.ain -u root -p redacted sslcsrgen -g -f dracname.dom.ain.csr Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name Continuing execution. Use -S option for racadm to stop execution on certificate-related errors. CSR generated and downloaded from RAC successfully C:\> certreq -submit -attrib "san:dns=dracname.dom.ain\nCertificateTemplate: WebServer" dracname.dom.ain.csr dracname.dom.ain.crt Active Directory Enrollment Policy {BFF41397-4CCE-41B5-AD8E-A029B2C2353B} ldap: RequestId: 104238 RequestId: "104238" Certificate retrieved(Issued) Issued The certificate validity period will be shorter than the WebServer Certificate Tem plate specifies, because the template validity period is longer than the maximum certificate validity period allowed by the CA. Consider renewing the CA certificate, reducing the template validity period, or increasing the registry validit y period. C:\> "\Program Files\Dell\SysMgt\rac5\racadm.exe" -r dracname.dom.ain -u root -p redacted sslcertupload -t 1 -f dracname.dom.ain.crt Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name Continuing execution. Use -S option for racadm to stop execution on certificate-related errors. Certificate successfully uploaded to the RAC. The RAC will now reset to enable the new certificate and may be offline temporarily. C:\> "\Program Files\Dell\SysMgt\rac5\racadm.exe" -r dracname.dom.ain -u root -p redacted sslcertview -t 1 Serial Number : redacted Subject Information: Country Code (CC) : AU State (S) : Some-State Locality (L) : MyTown Organization (O) : Internet Widgits Pty Ltd Organizational Unit (OU) : World Wide Web Pty Ltd Common Name (CN) : *.dom.ain Issuer Information: Common Name (CN) : AD DOM.AIN Root Trust CA Valid From : Mar 6 16:01:02 2018 GMT Valid To : Nov 6 15:13:19 2019 GMT
And the warning goes away for another year. And it took me less time to figure out how to automate it (throw the above commands into a .bat) than it would have to loop through all of them with a browser!
--Joe