Saturday, October 15, 2011

How to enable SAN certificates in a Windows 2008 R2 Enterprise CA

Open a command prompt windows and enter these commands:
certutil –setreg policy\SubjectAltName enabled
certutil –setreg policy\SubjectAltName2 enabled
net stop certsvc
net start certsvc

Now you can submit your exchange SAN certificate request using this command line:
certreq -submit -attrib "CertificateTemplate:WebServer" c:\tmp\excertreq.req excert.cer
where excertreq.req is the request file and excert.cer is the issued certificate.
In case of error you must convert the .req file to ANSI format from Unicode using notepad.
For more info read Windows 2008 PKI / Certificate Authority (AD CS) basics and How to issue EV SSL certificates from an Enterprise CA

No comments:

Post a Comment