The Insecure Wire

a network engineers perspective

Monthly Archives: April 2019

Request a SAN certificate using MS CA Web enrollment Pages

1. Run these commands on the MS CA server: certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 net stop certsvc net start certsvc 2. In the Attributes box, type the desired SAN attributes. SAN attributes take the following form: san:dns=dns.name[&dns=dns.name] For example : To add two DNS names to the SAN field , you can type: san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com