Error 9318 is returned when using alternative hostname

Error 9318 is returned when specifying an alternative hostname in the CONNECT() method to make an SSL connection against a server that uses Subject Alternative Names.
Getting error 9318 when using Subject Alternative Names to make an SSL connection.
 

The certificate returned by the server contains Subject Alternative Names for the hostname. For example, the certificate Subject Alternative Names in the server's certificate keystore are:

hostA
hostB
hostC

In this example, assume that hostA is part of the certificate Subject Name. So this is the main certificate. The SSL connection is successful if hostA is used within the CONNECT() method.

This is expected behavior with versions earlier to OE 11.7. OpenEdge does not support certificates with Subject Alternative Names in previous versions to 11.7.

Upgrade to 11.7. An enhancement was implemented in OpenEdge version 11.7.  If updating is not an option please use the workaround below.

Create a separate server certificate for each hostname instead of adding alternative hostnames in one server certificate.

Progress Article(s):

 How to create one's own CA root certificate using OpenSSL to sign IIS certificate request for use with SSL
How to create self-signed SSL certificates in OpenEdge
 Steps to create a self signed SSL certificate from scratch on unix or linux


References to Other Documentation:

Core Business Services - Security and Auditing
Security : Public-Key Infrastructure (PKI) : Trust relationships and supporting mechanisms : Digital certificates and certificate store : Adding Subject Alternative Name (SAN) to a digital certificate