Enable SAN certificate support in Microsoft Certificate Services


By default, a CA that is configured on a Windows Server 2003-based computer does not issue certificates that contain the SAN (Subject Alternative Name) extension. If SAN entries are included in the certificate request, these entries are omitted from the issued certificate. To change this behavior, run the following commands at a command prompt on the server that runs the Certification Authority service. Press ENTER after each command.

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

This changes the following entry in the registry.


More information can be found How to Request a Certificate With a Custom Subject Alternative Name

One Comment

  1. […] On the Hub transport server, setup a stand-alone certification authority and enable SAN certificate support – https://marckean.wordpress.com/2010/12/10/how-to-request-a-certificate-with-a-custom-subject-alternat… […]

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s