Enable SAN certificate support in Microsoft Certificate Services

http://technet.microsoft.com/en-us/library/ff625722(WS.10).aspx

By default, a CA that is configured on a Windows Server 2003-based computer does not issue certificates that contain the SAN (Subject Alternative Name) extension. If SAN entries are included in the certificate request, these entries are omitted from the issued certificate. To change this behavior, run the following commands at a command prompt on the server that runs the Certification Authority service. Press ENTER after each command.

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

This changes the following entry in the registry.

SNAG-0011

More information can be found How to Request a Certificate With a Custom Subject Alternative Name

Categories: Computers and Internet · Uncategorized

One Comment

  1. Exchange 2010 SP1 DAG – Step by step (Proof of concept) « Marc Kean Author
    February 15, 2011 at 8:43 am

    […] On the Hub transport server, setup a stand-alone certification authority and enable SAN certificate support – https://marckean.wordpress.com/2010/12/10/how-to-request-a-certificate-with-a-custom-subject-alternat… […]

    Reply

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s