Enabling Subject Alternative Names (SAN) in Windows 2008 Certificate Server

Quick note from the field on enabling SAN support on Windows 2008 Certificate Server.

From the command line on the certificate server run:

  1. certutil -setreg policy\SubjectAltName enabled
  2. certutil -setreg policy\SubjectAltName2 enabled
  3. Restart the certificate service
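
The three steps above as one PowerShell script that also reads each value back after the restart. This is an added example, not part of the original post; it assumes an elevated prompt on the CA and the default service name CertSvc.

```powershell
# Added example: apply the two policy-module settings from the steps above,
# restart the CA service, and read the values back.
# Assumption: elevated PowerShell prompt on the CA, service name CertSvc.
$values = 'SubjectAltName', 'SubjectAltName2'

foreach ($name in $values) {
    # Show the current state first so the change can be reverted later.
    Write-Host "--- policy\$name before the change ---"
    certutil -getreg "policy\$name"   # a non-zero exit here only means "not set yet"

    # Steps 1 and 2 from the post.
    certutil -setreg "policy\$name" enabled
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -setreg policy\$name failed with exit code $LASTEXITCODE"
    }
}

# Step 3 from the post: restart the certificate service.
Restart-Service -Name CertSvc -ErrorAction Stop
if ((Get-Service -Name CertSvc).Status -ne 'Running') {
    throw 'CertSvc did not return to the Running state after the restart'
}

# Read the values back so the change is confirmed, not assumed.
foreach ($name in $values) {
    Write-Host "--- policy\$name after the restart ---"
    certutil -getreg "policy\$name"
    if ($LASTEXITCODE -ne 0) {
        throw "policy\$name is not present after the change"
    }
}
```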

References:

Registry entries with Certificate Services (Windows 2003)
http://technet.microsoft.com/en-us/library/cc780742.aspx

SubjectAltName

Registry Path: CertSvc\Configuration\CAName\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\SubjectAltName
Version: Windows Server 2003 and Windows 2000 Server

This setting uses an OID for the SubjAltName extension of an issued certificate. This setting is almost never used.

SubjectAltName2

Registry Path: CertSvc\Configuration\CAName\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\SubjectAltName2
Version: Windows Server 2003 and Windows 2000 Server

This setting makes it possible for a stand-alone CA to place in the SubjAltName extension of an issued certificate the e-mail address of the authenticated user making the certificate request. This setting is rarely used.

Certificate Deployment Planning
http://technet.microsoft.com/en-us/library/cc732809.aspx

  • For user certificates, the Subject Alternative Name (SubjectAltName) extension, if used, must contain the user principal name (UPN). By default, the User certificate template is configured with the UPN.
  • For computer certificates, the SubjectAltName extension, if used, must contain the computer's fully qualified domain name (FQDN), which is also called the DNS name. By default, the Workstation Authentication certificate template is not configured with this value and must be reconfigured to meet this requirement according to the instructions in Configure the Workstation Authentication Certificate Template.
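
A way to check an issued certificate against the two requirements above. This is an added example, not part of the original post or the TechNet article; the function name, file names and sample values are hypothetical, and it assumes Windows with PowerShell 2.0 or later.

```powershell
# Added example: report whether a certificate's Subject Alternative Name
# extension (OID 2.5.29.17) contains the expected UPN or DNS name.
function Test-CertificateSan {
    param(
        [Parameter(Mandatory = $true)][string]$Path,      # exported .cer file
        [Parameter(Mandatory = $true)][string]$Expected   # UPN or FQDN to look for
    )

    # Resolve first: .NET resolves relative paths against the process
    # directory, which can differ from the PowerShell location.
    $fullPath = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $fullPath

    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) {
        Write-Warning "$($cert.Subject): no SubjectAltName extension present"
        return $false
    }

    # Format($true) returns one entry per line, such as "DNS Name=..." or
    # "Principal Name=...". The label text depends on the OS language, so
    # only the value after '=' is compared.
    $entries = $san.Format($true) -split "`r?`n" |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '=' }

    foreach ($entry in $entries) {
        $value = ($entry -split '=', 2)[1]
        if ($value -eq $Expected) {   # -eq is case-insensitive, as DNS names are
            return $true
        }
    }

    Write-Warning "$($cert.Subject): SAN present but does not contain '$Expected'"
    return $false
}

# Constructed usage (file names and identities are placeholders):
#   Test-CertificateSan -Path .\computer.cer -Expected 'host01.example.com'
#   Test-CertificateSan -Path .\user.cer     -Expected 'alice@example.com'
```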


Copyright 2007-2009 Gilham Consulting - All rights reserved

San Diego Computer Consulting - San Diego IT Consulting - San Diego IT Support - San Diego Managed IT Services
San Diego Network Security Consulting - San Diego VOIP Phone System for Business