Views:

There are several reasons why your SSL may not have generated automatically. Check the following:

  • Domain/Subject Alternative Names (SANs)

    Check if the domain or SAN has been approved in your account. If not, Trend Micro will review and manually verify the information. Once completed, they will issue the certificate for you.

  • IP address or internal server names in the CSR

    Internal server name and IP address certs have essentially been forbidden by the CA/Browser Forum, as they present a serious security risk to the customer. Essentially, a malicious person could get one of these certs in the same name (as no CA can vet an internal server name and IP address to a unique owner), then hack inside a corporate system and imitate the company’s own internal server name certs or IP address certs and read confidential mail or files, etc. For this reason, our certificate issuance system will not process CSRs that contain internal server names or IP addresses.

    You can cancel your certificate request and generate a new CSR or have Trend Micro remove the IP addresses/internal server names and issue the certificate without those domains.

  • Your certificate may have been stopped by Trend Micro’s internal fraud checking filter.

    Your CSR may contain abbreviations or similar words that appear on the fraud list. The Trend Micro will review your domains to determine if there are any issues. Any domain that does not pass manual verification will be removed from your CSR and the certificate will then be generated for you.

Make sure the time gap between Deep Security Manager (DSM) and Deep Security Agent (DSA) is within 24 hours. Otherwise, it may cause "SSL certificate signature verification failed" issue.

Keywords: failed to generate,check the domain ,internal address ,IP address certs not allowed,remove IP address,check for fraud issues,ssl certificate signature verification failed