Configuring Active Directory Certificate Services to support Subject Alternative Names

With a single command, you can reconfigure Active Directory Certificate Services to support certificates with Subject Alternative Names (SAN). Normally a certificate is tied to a single fully qualified domain name (FQDN). The SAN extension lets a single SSL certificate be valid for several fully qualified domain names. This way a single certificate can, for example, handle requests for mail.contoso.com, owa.contoso.com, smtp.contoso.com and so on.

To configure Active Directory Certificate Services to support Subject Alternative Names, perform the following steps.

On a computer that has Active Directory Certificate Services installed, open an elevated command prompt and enter the command:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

Once you receive a message that the change has been successfully implemented, restart AD CS. AD CS will now be able to issue certificates that support Subject Alternative Names.
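
To confirm the change, or to audit which CAs carry this setting, the following PowerShell reads the active policy module's EditFlags value and tests the EDITF_ATTRIBUTESUBJECTALTNAME2 bit. It is an added example, not part of the original article; the registry location and the bit value 0x00040000 are assumptions drawn from the AD CS registry layout and headers rather than from this page, and the function names are hypothetical.

```powershell
# Added example: audit the flag that the article's certutil command sets.
# Assumption: bit value as defined in certsrv.h (not stated on this page).
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000

function Test-SanAttributeFlag {
    # True when the SAN-from-request-attribute bit is set in an EditFlags value.
    param([Parameter(Mandatory)][int]$EditFlags)
    return ($EditFlags -band $EDITF_ATTRIBUTESUBJECTALTNAME2) -ne 0
}

function Get-CaEditFlags {
    # Read EditFlags for the active CA and its active policy module.
    # Assumption: standard CertSvc registry layout.
    $cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    $ca     = (Get-ItemProperty -Path $cfg -Name Active -ErrorAction Stop).Active
    $pm     = Join-Path (Join-Path $cfg $ca) 'PolicyModules'
    $module = (Get-ItemProperty -Path $pm -Name Active -ErrorAction Stop).Active
    $flags  = (Get-ItemProperty -Path (Join-Path $pm $module) -Name EditFlags -ErrorAction Stop).EditFlags
    [pscustomobject]@{
        CA                  = $ca
        PolicyModule        = $module
        EditFlags           = '0x{0:X8}' -f $flags
        SanAttributeEnabled = Test-SanAttributeFlag -EditFlags $flags
    }
}

# Constructed sample values (not read from a real CA): bit clear, then bit set.
foreach ($sample in 0x0011014E, 0x0015014E) {
    '0x{0:X8} -> SAN attribute flag set: {1}' -f $sample, (Test-SanAttributeFlag -EditFlags $sample)
}

# On a CA server, report the live value; on any other machine this part is skipped.
if (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration') {
    $state = Get-CaEditFlags
    $state | Format-List
    if ($state.SanAttributeEnabled) {
        Write-Warning "CA '$($state.CA)' accepts SAN values supplied as request attributes."
        # To clear the bit again, then restart AD CS:
        #   certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2
    }
}
```

With the flag set, the SAN comes from the requester's own request attributes rather than from the template, so it is worth enabling only on CAs where requests are reviewed or enrollment is limited to trusted administrators.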
