With the use of a single command, you can reconfigure Active Directory Certificate Services to support certificates with Subject Alternative Names (SAN). Normally a certificate is tied to a single fully qualified domain name (FQDN). SANs allow SSL certificates to respond correctly to different fully qualified domain names. This way you can have, for example, a single certificate handle requests for mail.contoso.com, owa.contoso.com, smtp.contoso.com and so on.
To configure Active Directory Certificate Services to support Subject Alternative Names, perform the following steps.
On a computer that has Active Directory Certificate Services installed, open an elevated command prompt and enter the command:
Certutil –setreg policy\EditFlags +EDITF_ATTRIBUTESSUBJECTALTNAME2
Once you receive a message that the change has been successfully implemented, restart AD CS. AD CS will now be able to issue certificates that support Subject Alternative Names