When requesting certificates from your freshly installed Certification Authority, it can come in handy to specify multiple DNS names that the certificate should be valid for. This is done by specifying a list of "subject alternative names" (SANs), the additional names under which the server is also reachable.
Unfortunately, this mechanism doesn't work out of the box with Windows CAs. On your CA, you first need to enable a setting that allows the use of SAN attributes. Open a command prompt and type (each command on one line):

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop CertSvc & net start CertSvc

Afterwards, use the SAN:dns=&dns= attribute when requesting certificates to enable multiple DNS names.
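
The procedure above as a PowerShell script, added here as an example and not part of the original post: it confirms the flag is set on the CA, builds the SAN attribute from a validated list of names, submits the request, and lists the DNS names in the issued certificate, which is worth checking because the flag makes the CA honour SAN values supplied as request attributes. The host names, `web01.req` and `web01.cer` are constructed placeholders, the function names are hypothetical, and the `DNS Name=` match assumes an English-language Windows.

```powershell
# Added example (not from the original post). Run elevated on the CA server.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000   # bit that certutil toggles in EditFlags

function Test-SanAttributeEnabled {
    # Read EditFlags of the active policy module of the active CA from the registry.
    $cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    $ca     = (Get-ItemProperty -LiteralPath $cfg).Active
    $policy = Join-Path $cfg "$ca\PolicyModules"
    $module = (Get-ItemProperty -LiteralPath $policy).Active
    $flags  = (Get-ItemProperty -LiteralPath (Join-Path $policy $module)).EditFlags
    [bool]($flags -band $EDITF_ATTRIBUTESUBJECTALTNAME2)
}

function New-SanAttribute {
    # Build "SAN:dns=<name>&dns=<name>". Only plain host names are accepted, so a
    # stray '&' or '=' in the input cannot add further attributes to the request.
    param([Parameter(Mandatory)][string[]]$DnsName)
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    foreach ($name in $DnsName) {
        if ($name -notmatch "^(\*\.)?(${label}\.)*${label}`$") { throw "Not a DNS name: $name" }
    }
    'SAN:' + (($DnsName | ForEach-Object { "dns=$_" }) -join '&')
}

function Get-CertificateDnsNames {
    # List the DNS entries of the SAN extension (OID 2.5.29.17) of an issued certificate.
    param([Parameter(Mandatory)][string]$Path)
    $file = (Resolve-Path -LiteralPath $Path).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)
    $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return @() }
    # Assumption: English-language Windows prints each entry as "DNS Name=<name>".
    $san.Format($true) -split "`r?`n" |
        Where-Object { $_ -match '^\s*DNS Name=' } |
        ForEach-Object { ($_ -replace '^\s*DNS Name=', '').Trim() }
}

if (-not (Test-SanAttributeEnabled)) {
    throw 'EDITF_ATTRIBUTESUBJECTALTNAME2 is not set; the CA will ignore the SAN attribute.'
}
$attrib = New-SanAttribute -DnsName 'web01.corp.example', 'www.corp.example'  # constructed names
certreq -submit -attrib $attrib web01.req web01.cer   # web01.req: placeholder request file
Get-CertificateDnsNames -Path .\web01.cer             # should list exactly the names requested
```
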
1 comment:
It was really key trigger information about SAN certificates, because without the setup of multiple DNS and other internal settings, it won't work. We appreciate your effort on SAN certificates. Thanks for sharing this key secret of SAN certificates with us.