The Certificate Authority in Windows 2008 R2 cannot issue Subject Alternative Name (SAN) certificates in its default configuration. Therefore, if you include a SAN entry in a request (as you would for Exchange), the CA will still issue your certificate but will omit all the SAN entries.
To allow your CA to issue SAN certificates you need to run the following from an administrative command prompt:
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc
This is not necessary on Windows 2012 and above.
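To confirm the change took effect, the PowerShell below (an added example, not part of the original post) reads the flag back with certutil -getreg and checks that an issued certificate actually contains a SAN extension. The flag makes the CA honor SAN values supplied as request attributes, so the same check is useful for auditing which CAs have it enabled. The function names and the .\mail.cer path are hypothetical, and the flag value 0x00040000 and the certutil output format shown in the comment are taken from general knowledge of certutil rather than from the post.

```powershell
# Added example: audit the CA policy flag and confirm an issued certificate has its SAN.
# Bit value of EDITF_ATTRIBUTESUBJECTALTNAME2 (the flag set by certutil -setreg above).
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000

function Test-CaSanAttributeFlag {
    # certutil prints the DWORD in hex, for example (constructed sample):
    #   EditFlags REG_DWORD = 15014e (1376590)
    $out = & certutil.exe -getreg 'policy\EditFlags' 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) { throw "certutil failed: $out" }
    if ($out -notmatch 'EditFlags\s+REG_DWORD\s*=\s*([0-9a-fA-F]+)') {
        throw "Unexpected certutil output: $out"
    }
    $flags = [Convert]::ToInt64($Matches[1], 16)
    return (($flags -band $EDITF_ATTRIBUTESUBJECTALTNAME2) -ne 0)
}

function Get-CertificateSan {
    param([Parameter(Mandatory = $true)][string]$Path)
    $full = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full
    # 2.5.29.17 is the Subject Alternative Name extension OID.
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return $null }   # issued without SAN entries
    return $ext.Format($true)         # readable text, one entry per line
}

# Run from an elevated prompt on the CA.
if (Test-CaSanAttributeFlag) {
    'EDITF_ATTRIBUTESUBJECTALTNAME2 is set on this CA'
} else {
    'EDITF_ATTRIBUTESUBJECTALTNAME2 is NOT set on this CA'
}

# Hypothetical path to a certificate issued after the change.
$certPath = '.\mail.cer'
if (Test-Path $certPath) {
    $san = Get-CertificateSan -Path $certPath
    if ($san) { "SAN entries:`n$san" } else { 'Certificate has no SAN extension' }
}
```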