How to request SAN web server certificate from windows server 2003 CA ?

By default, Windows Server 2003 CA does not issue certificates with SAN extension. To enable CA to accept certificate requests with SAN attribute, type in the following command:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

and restart the certificate services service.

Use the following procedure for submitting certificate request for web server certificate, using web enrollment page http://CAservername/certsrv . After filling up the identifying information, in attribute box, type the needed SAN attributes in following form :

For example: if web server is responding on its name ( and alias name (, resulting attribute string looks like:


Popular posts from this blog

How to convert string to Base64 and vice versa using Powershell

Machine domain group policy failed to apply

Failover Clustering Event 1196 and 1228