Configuring Active Directory Certificate Services to support Subject Alternative Names

With the use of a single command, you can reconfigure Active Directory Certificate Services to support certificates with Subject Alternative Names (SAN). Normally a certificate is tied to a single fully qualified domain name (FQDN). SANs allow SSL certificates to respond correctly to different fully qualified domain names. This way you can have, for example, a single certificate handle requests for,, and so on.

To configure Active Directory Certificate Services to support Subject Alternative Names, perform the following steps.

On a computer that has Active Directory Certificate Services installed, open an elevated command prompt and enter the command:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESSUBJECTALTNAME2

Once you receive a message that the change has been successfully implemented, restart AD CS. AD CS will now be able to issue certificates that support Subject Alternative Names.
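The steps above as a PowerShell script, added here as an example and not part of the original post: it records the EditFlags state before the change, applies the same certutil command, restarts the service, and confirms the result. It assumes the standard CertSvc registry layout and the flag's bit value 0x00040000; the function name Get-SanFlagState and the -Enable switch are hypothetical names chosen for this example.

```powershell
# Added example: audit, set, and verify EDITF_ATTRIBUTESSUBJECTALTNAME2 on the local CA.
# Run from an elevated PowerShell session on the AD CS server.
param([switch]$Enable)   # hypothetical switch: without it the script only reports

$EDITF_ATTRIBUTESSUBJECTALTNAME2 = 0x00040000   # bit value of the flag in EditFlags

function Get-SanFlagState {
    # Find the active CA and its active policy module in the CertSvc configuration.
    $cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    $caName = (Get-ItemProperty -Path $cfg -Name Active).Active
    $pmKey  = Join-Path $cfg "$caName\PolicyModules"
    $module = (Get-ItemProperty -Path $pmKey -Name Active).Active
    $flags  = (Get-ItemProperty -Path (Join-Path $pmKey $module) -Name EditFlags).EditFlags

    [pscustomobject]@{
        CA         = $caName
        Module     = $module
        EditFlags  = '0x{0:X8}' -f $flags
        SanFlagSet = [bool]($flags -band $EDITF_ATTRIBUTESSUBJECTALTNAME2)
    }
}

# 1. Record the state before any change, for the change log.
$before = Get-SanFlagState
"Before: CA='$($before.CA)' EditFlags=$($before.EditFlags) SAN flag set=$($before.SanFlagSet)"

if (-not $Enable) { return }          # audit-only run
if ($before.SanFlagSet) {
    'Flag already set; no change made.'
    return
}

# 2. Apply the same command the article gives (ASCII hyphen, not an en dash).
certutil -setreg 'policy\EditFlags' '+EDITF_ATTRIBUTESSUBJECTALTNAME2'
if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }

# 3. Restart AD CS so the policy module reloads EditFlags.
Restart-Service -Name CertSvc

# 4. Confirm the registry now carries the flag.
$after = Get-SanFlagState
"After:  CA='$($after.CA)' EditFlags=$($after.EditFlags) SAN flag set=$($after.SanFlagSet)"
if (-not $after.SanFlagSet) { throw 'EditFlags does not contain the SAN flag after the change.' }
```

Run it without -Enable to audit only. The flag lives on the CA's policy module rather than on a template, so the setting applies to every request that CA processes.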


What's Hyperbole, Embellishment, and Systems Administration Blog?

IT pro Orin Thomas provides true tales, snafus, news, and urban legends for Microsoft Windows system administrators.


Orin Thomas

Orin Thomas is a contributing editor for Windows IT Pro and a Windows Security MVP. He has authored or coauthored more than thirty books for Microsoft Press, founded the Melbourne System Center,...