How to request a SAN certificate using MS CA Web enrollment Pages

Works like charm

Ammar Hasayen - Blog

1. Run those commands on the CA server

certutil -setreg policyEditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

2. In the Attributes box, type the desired SAN attributes. SAN attributes take the following form:

san:dns=dns.name[&dns=dns.name]

For example : To add two DNS names to the SAN field , you can type :

san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com

Note : Some services requires that the Subject name of the certificate , is also the first entry of the SAN certificate extension . Suppose you are issuing a certificate for Exchange OWA , and you need to include the internal and external URL in one certificate with SAN field . The subject of the certificate will be ( OWAInternal.contoso.com) and the SAN field will be ( OWAInternal.contoso.com, OWAExternal.contoso.com)

View original post

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s