Thursday, August 30, 2012

How to request SAN web server certificate from windows server 2003 CA ?

By default, Windows Server 2003 CA does not issue certificates with SAN extension. To enable CA to accept certificate requests with SAN attribute, type in the following command:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

and restart the certificate services service.

Use the following procedure for submitting certificate request for web server certificate, using web enrollment page http://CAservername/certsrv . After filling up the identifying information, in attribute box, type the needed SAN attributes in following form :

san:dns=dns.name&dns=dns.name2&dns=dnn.name3&dns=....

For example: if web server is responding on its name (https://server.name) and alias name (https://aliasserver.name), resulting attribute string looks like:
san:dns=server.name&dns=aliasserver.name.

No comments:

Post a Comment