How to request SAN web server certificate from windows server 2003 CA ?

By default, Windows Server 2003 CA does not issue certificates with SAN extension. To enable CA to accept certificate requests with SAN attribute, type in the following command:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

and restart the certificate services service.

Use the following procedure for submitting certificate request for web server certificate, using web enrollment page http://CAservername/certsrv . After filling up the identifying information, in attribute box, type the needed SAN attributes in following form :

For example: if web server is responding on its name ( and alias name (, resulting attribute string looks like:

No comments:

Post a Comment

DNS Flag Day

Starting from today February 1, 2019 (DNS Flag Day), DNS (Domain Name System) providers will stop supporting DNS servers that are non compl...