Tuesday, 31 May 2011

Issue a SAN Certificate from a Private Certificate Authority

Without modification the Certificate Authority service built in to Windows does not support SAN certificates which are required for correct operation of Exchange 2007 and Exchange 2010. To support them you need to add an additional flag called EDITF_ATTRIBUTESUBJECTALTNAME2.

To check if the flag already exists on your Certificate Authority open a command prompt and run:
certutil -getreg policy\EditFlags

To add the additional flag run:
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

Finally you will need to restart the Active Directory Certificate Services service.

1 comment:

  1. From the private certificate authority you can get the offer of the SAN. Get more solutions for your problem and get the command prompt in the right way. With http://www.topaperwritingservices.com/review-superiorpapers-com/ you can write your work for the best deal.


Correction, question or suggestion, it's all welcome here.