Configuring Active Directory Certificate Services to support Subject Alternative Names

With a single command, you can reconfigure Active Directory Certificate Services to support certificates with Subject Alternative Names (SAN). Normally a certificate is tied to a single fully qualified domain name (FQDN). SANs allow one SSL certificate to be valid for several different fully qualified domain names. This way you can have, for example, a single certificate handle requests for mail.contoso.com, owa.contoso.com, smtp.contoso.com and so on.

To configure Active Directory Certificate Services to support Subject Alternative Names, perform the following steps.

On a computer that has Active Directory Certificate Services installed, open an elevated command prompt and enter the command:

Certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESSUBJECTALTNAME2

Once you receive a message that the change has been successfully implemented, restart AD CS. AD CS will now be able to issue certificates that support Subject Alternative Names.
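
The same procedure as a PowerShell script that records the flag's state before and after the change (an added example, not part of the original post). It assumes the default CertSvc registry layout on the CA server, and the function name Get-SanFlagState is hypothetical. With the flag set, the CA accepts SAN values supplied as request attributes, so it is worth keeping a record of which CAs have it enabled.

```powershell
# Added example: audit EDITF_ATTRIBUTESSUBJECTALTNAME2 around the change.
# Run in an elevated PowerShell session on the CA server.
# Assumption: default registry layout created by the AD CS role.
$SanFlag = 0x00040000   # EDITF_ATTRIBUTESSUBJECTALTNAME2
$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

function Get-SanFlagState {
    # The "Active" values name the CA and the policy module it has loaded.
    $caName = (Get-ItemProperty -LiteralPath $cfgRoot -Name Active).Active
    $pmRoot = Join-Path (Join-Path $cfgRoot $caName) 'PolicyModules'
    $policy = (Get-ItemProperty -LiteralPath $pmRoot -Name Active).Active
    $key    = Join-Path $pmRoot $policy
    $flags  = (Get-ItemProperty -LiteralPath $key -Name EditFlags).EditFlags

    [pscustomobject]@{
        CA         = $caName
        Policy     = $policy
        EditFlags  = '0x{0:X8}' -f $flags
        SanEnabled = [bool]($flags -band $SanFlag)
    }
}

$before = Get-SanFlagState
$before | Format-List

if (-not $before.SanEnabled) {
    # Same command as in the step above.
    certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESSUBJECTALTNAME2
    if ($LASTEXITCODE -ne 0) {
        throw "certutil failed with exit code $LASTEXITCODE"
    }
    # The policy module reads EditFlags when the service starts.
    Restart-Service -Name CertSvc
}

# Confirm the stored value after the restart.
Get-SanFlagState | Format-List

# To roll the setting back:
#   certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESSUBJECTALTNAME2
#   Restart-Service -Name CertSvc
```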


What's Hyperbole, Embellishment, and Systems Administration Blog?

IT pro Orin Thomas provides true tales, snafus, news, and urban legends for Microsoft Windows system administrators.

Contributors

Orin Thomas

Orin Thomas is a contributing editor for Windows IT Pro and a Windows Security MVP. He has authored or coauthored more than a dozen books for Microsoft Press, and he writes the Hyperbole,...