How to request a SAN certificate using MS CA Web enrollment Pages

Works like charm

Ammar Hasayen - Blog

1. Run those commands on the CA server

certutil -setreg policyEditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

2. In the Attributes box, type the desired SAN attributes. SAN attributes take the following form:[&]

For example : To add two DNS names to the SAN field , you can type :

Note : Some services requires that the Subject name of the certificate , is also the first entry of the SAN certificate extension . Suppose you are issuing a certificate for Exchange OWA , and you need to include the internal and external URL in one certificate with SAN field . The subject of the certificate will be ( and the SAN field will be (,

View original post