Uploading a signed certificate with a Subject Alternative Name (SAN) to a worker node instead of the admin node prevents the values from populating in the Okta Access Gateway (OAG) Admin User Interface (UI). Uploading the certificate directly through the admin node management console resolves this issue. After an administrator uploads a signed certificate with a SAN to a worker node, the values do not reflect in the Certificates tab of the Admin UI.
- Okta Access Gateway (OAG)
- Subject Alternative Name (SAN)
- Certificate Management
- Okta Classic Engine
- Okta Identity Engine (OIE)
Uploading the certificate to the worker nodes instead of the admin node causes this issue. Okta requires all application and certificate updates to occur on the admin node to reflect those changes across all nodes.
How are the SAN and Issuer values populated for signed certificates?
The OAG Admin UI retrieves SAN and issuer metadata directly from the certificate file stored on the Admin node. Because it does not query worker nodes for these details, the certificate must be uploaded specifically to the Admin appliance.
To resolve the issue, access the admin node management console and upload the signed certificate directly to the admin node to ensure the values populate correctly.
- Navigate to the Admin node management console.
- Upload the signed certificate.
