Which name must you include in the CSR?

Topic 4, Misc. Questions

You plan to deploy an Azure Stack Hub integrated system that will be disconnected from the internet. The integrated system region name is region1, and the external domain is name is contoso.local.

You need to ensure that the generated certificate signing request (CSR) has the correct

subjects and subject alternative names (SAN).

Which name must you include in the CSR?
A . graph.region1.contoso.local
B. graph.local.azurestack.external
C. *.hosting.region1.azurestack.local
D. *.adminhosting.region 1.azurestack.local

View Answer

Answer: D

Explanation:

You can deploy and use Azure Stack Hub without a connection to the internet. However, with a disconnected deployment, you’re limited to an Active Directory Federation Services (AD FS) identity store and the capacity-based billing model. Because multitenancy requires the use of Azure Active Directory (Azure AD), multitenancy isn’t supported for disconnected deployments.

The implementation of Extension Host requires two wild card SSL certificates, one for the Admin portal and one for the Tenant portal.

Note: Certificate requirements

The extension host implements two new domain namespaces to guarantee unique host entries for each portal extension. The new domain namespaces require two additional wildcard certificates to ensure secure communication.

The table shows the new namespaces and the associated certificates:

Table

Description automatically generated

Example:

$regionName = ‘east’# The region name for your Azure Stack Hub deployment

$externalFQDN = ‘azurestack.contoso.com’ # The external FQDN for your Azure Stack Hub deployment

Starting Certificate Request Process for Deployment CSR generating for following SAN(s):

*.adminhosting.east.azurestack.contoso.com,*.adminvault.east.azurestack.contoso.com,*.b lob.east.azurestack.contoso.com,*.hosting.east.azurestack.contoso.com,*.queue.east.azur estack.contoso.com,*.table.east.azurestack.contoso.com,*.vault.east.azurestack.contoso.c om,adminmanagement.east.azurestack.contoso.com,adminportal.east.azurestack.contoso. com,management.east.azurestack.contoso.com,portal.east.azurestack.contoso.com Present this CSR to your Certificate Authority for Certificate Generation: C:UsersusernameDocumentsAzureStackCSRDeployment_east_azurestack_contoso_c om_SingleCSR_CertRequest_20200710165538.req Certreq.exe output: CertReq: Request Created

Reference:

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-disconnected-deployment

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-extension-host-prepare

https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-get-pki-certs