Internal - Invalid SAN. Please use commas only to delimit domain alternative names

August 9, 2018

UC Multi-Domain TLS/SSL Certificates
UCC TLS/SSL Certificates or Exchange TLS/SSL are built specifically for the Microsoft Exchange and/or Microsoft Office Communication Server environments.
Organizations using MS® Exchange 2007 or higher Office Communications Server environment can consolidate all certificates – up to 100 - into a single UC Certificate from Comodo CA.

Comodo CA’s UC TLS/SSL certificates provide:

  • Cost savings and a simple certificate management processes
  • Full Subject Alternative Name (SAN) control
  • 128/256 bit encryption, trusted by 99.9% of browsers, servers and clients
  • Certificates designed for MS Exchange and OCS environments
  • One of three official Microsoft UCC vendors
  • $250,000 relying party warranty
  • Unlimited, no fee re-issuance, move/change domains as required

Invalid SAN. Please use commas only to delimit domain alternative names
Check the Certificate SAN limits (it should be maximum up to 100 SANs per certificate)
Check spelling and punctuation
Try it from the API see if you get the same error
Make sure no extra commas, spaces, under scores
Item was failing both via the UI & API.
The reason that CCM gave was there was an invalid SAN but nothing more than that. Digging in to the logs, I could see that something was causing CCM to see one of the SANs as local address. On the surface, there did not appear to be anything wrong.
Try to add the SANs to Notepad++ flip the order of the SANs list, list the SANs that are doubtful at the end of the list then have the customer to paste them again, that’s the only work around we could find to fix this issue
Looks like this issue related to load balancer's request timeout settings, There are couple solution that would fix the problem:
concurrent processing for dcv,
asynchronous enrollment
changes on load balancer side
All of them quite complex. Should be evaluated and added to a sprint