By default, Windows Server 2003 CA does not issue certificates with SAN extension. To enable CA to accept certificate requests with SAN attribute, type in the following command:
and restart the certificate services service.
Use the following procedure for submitting certificate request for web server certificate, using web enrollment page http://CAservername/certsrv . After filling up the identifying information, in attribute box, type the needed SAN attributes in following form :
For example: if web server is responding on its name (https://server.name) and alias name (https://aliasserver.name), resulting attribute string looks like:
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
and restart the certificate services service.
Use the following procedure for submitting certificate request for web server certificate, using web enrollment page http://CAservername/certsrv . After filling up the identifying information, in attribute box, type the needed SAN attributes in following form :
san:dns=dns.name&dns=dns.name2&dns=dnn.name3&dns=....
For example: if web server is responding on its name (https://server.name) and alias name (https://aliasserver.name), resulting attribute string looks like:
san:dns=server.name&dns=aliasserver.name.
No comments:
Post a Comment