Skip to main content
 Agile technology for the Agile business
Sign In
San Diego Computer & Network Consulting Experts 
Go Search
 
Home
Our Microsoft Expertise
Our Services
Microsoft Solutions Blog
About Gilham Consulting
Contact Us
Support Portal
  

Categories
Sharepoint 2007
Network Services
Windows Mobile
Security
Virtualization
Windows Deployment
Windows Storage
Exchange 2007
IT Management
Office Communications 2007
Systems Center
Terminal Services
Personal Technology
Powershell
SQL Server
Response Point
Active Directory
Cloud Computing
Dynamics CRM
Exchange 2010
Sharepoint 2010
OCS 2010
Office 2010
Business Automation

 
z
Home > Gilham Consulting Microsoft Notepad > Posts > Enabling Subject Alternative Names (SAN) in Windows 2008 Certificate Server

12/10/2008

Enabling Subject Alternative Names (SAN) in Windows 2008 Certificate Server

Quick note from the field on enabling SAN support on Windows 2008 Certificate Server.

From the command line on the certificate server run:

  1. certutil –setreg policy\SubjectAltName enabled
  2. certutil –setreg policy\SubjectAltName2 enabled
  3. Restart the certificate service

References:

Registry entries with Certificate Services (Windows 2003)
http://technet.microsoft.com/en-us/library/cc780742.aspx

SubjectAltName
Registry Path

CertSvc\Configuration\CAName\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\SubjectAltName

Version

Windows Server 2003 and Windows 2000 Server

This setting uses an OID for the SubjAltName extension of an issued certificate. This setting is almost never used.

SubjectAltName2
Registry Path

CertSvc\Configuration\CAName\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\SubjectAltName2

Version

Windows Server 2003 and Windows 2000 Server

This setting makes it possible for a stand-alone CA to place in the SubjAltName extension of an issued certificate the e-mail address of the authenticated user making the certificate request. This setting is rarely used.

Certificate Deployment Planning
http://technet.microsoft.com/en-us/library/cc732809.aspx

  • For user certificates, the Subject Alternative Name (SubjectAltName) extension, if used, must contain the user principal name (UPN). By default, the User certificate template is configured with the UPN.
  • For computer certificates, the SubjectAltName extension, if used, must contain the computer's fully qualified domain name (FQDN), which is also called the DNS name. By default, the Workstation Authentication certificate template is not configured with this value and must be reconfigured to meet this requirement according to the instructions in Configure the Workstation Authentication Certificate Template.
Posted at 8:31 PM by John Gilham | Category: Active Directory | Permalink | Email this Post | Comments (0)

Comments

There are no comments yet for this post.
Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Title


Body *


CommentUrl


Attachments

 Latest Reader Comments
OCS 2007 R2 support for SQL 2008 DB mirroringSQL Server 2008 Mirroring in Standard Edition
what about iPhone 4.0?Configuring Exchange Server 2007 ActiveSync for iPhone OS 3.1 (and prior)
CAS Array in Hyper-VHow to setup an Exchange 2010 CAS Array to Load Balance MAPI
Disallow all agents except SharePoint?Useful SharePoint 2007 (MOSS 2007 SEO) configuration with robots.txt file for public facing SharePoint 2007 sites.
Cloud PBXMicrosoft OCS 2010 Is Coming To Unified Communications, PBX Killer
smart cardHow To: Configure Microsoft Remote Desktop Client and Smart Card Authentication
Profiles missing from ImportImporting and Deleting User Profiles in Sharepoint;Filtering Disabled Users from Import; Managing MySite of Deleted Users
Thank youManual Uninstall of SQL 2005 (32bit / 64bit) SQL Server or Express (including Reporting Services)
Auto-deletes all mysites after Full Import ScheduleImporting and Deleting User Profiles in Sharepoint;Filtering Disabled Users from Import; Managing MySite of Deleted Users
PerfectManual Uninstall of SQL 2005 (32bit / 64bit) SQL Server or Express (including Reporting Services)

 Subscribe and Bookmark

 Last 20 Articles
Category
Remote Desktop Connection Manager (RDCMan)
Windows Deployment
 
SharePoint Server 2010 Product Licensing Details
Sharepoint 2010
 
Manage Windows 7 Power Options from the Command Line
Windows Deployment
 
Download details: Windows Phone 7 Training Kit for Developers - April 2010 CTP
Windows Mobile
 
Clustering Remote Desktop Connection (RDC) Broker for High Availability when Deploying Microsoft VDI
Virtualization
 
SharePoint 2010 Reference .Net Software Development Kit (SDK)
Sharepoint 2010
 
Microsoft Private Cloud “AppFabric” Prepares for Release
Cloud Computing
 
Malware and Virus Scanning Architecture in Forefront Threat Management Gateway (TMG) 2010
Security
 
Best Practices Analyzer (BPA) for HYPER-V (RTM and R2)
Virtualization
 
Microsoft Threat Management Gateway (TMG) 2010 - Key Features & Capabilities
Security
 
The forecast is sunny for [Microsoft] cloud services.
Cloud Computing
 
Microsoft announces "RemoteFX," the Calista-based Hyper-V-requiring PC-over-IP competitor
Virtualization
 
Dynamic Memory (aka Memory Overcommit) Coming To Hyper-V
Virtualization
 
SharePoint Overwhelms Business Intelligence - Gartner
Sharepoint 2010
 
Active Directory Power Tool: AD Explorer (and Editor)
Active Directory
 
Protect your Business Information for Free using Encrypting File System (EFS)
Security
 
How to: Integrate Office Communications Server (OCS) 2007 R2 with Exchange 2010 OWA/CAS
Exchange 2010
 
Microsoft Forefront Identity Manager (FIM) 2010 Released
Security
 
Microsoft Thinks VDI Might Not be the Answer to Every Desktop Scenario
Windows Deployment
 
Creating Hyper-V Virtual Machine Templates for VDI or SCVMM Library
Virtualization
 

Contact Us  |   San Diego, California

Copyright 2007-2009 Gilham Consulting - All rights reserved