The Insecure Wire

a network engineers perspective

Request a SAN certificate using MS CA Web enrollment Pages

1. Run these commands on the MS CA server:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

2. In the Attributes box, type the desired SAN attributes. SAN attributes take the following form:

san:dns=dns.name[&dns=dns.name]

For example : To add two DNS names to the SAN field , you can type:

san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com