Search

Search for words used in entries on this website

Enter the words[s] to search for here:

Sponsors

FAQ: How do I configure a certificate to use multiple subject names?

It's a pretty commonly asked question. People want to use different subject names on the Internet and intranet for their MPs. This isn't hard to do, and it requires something called a Subject Alternative Name, often abbreviated as SAN. The SAN can contain multiple alternate names. The SAN will take precedent over the common name (CN), or the regular subject name for a certificate. This is important because it means that if you have "hostnameA" in the CN, and "hostnameB" in the SAN, "hostnameA" will cause a CN mismatch. You will have to have a SAN for "hostnameA" and "hostnameB" for both to work.

To request certificates with SANs, you have to first configure your CA to support them. On Microsoft CAs, SAN support is not enabled for general requests by default. To enable this, run the following command on your CA server: certutil.exe -setreg policy\editflags +EDITF_ATTRIBUTESUBJECTALTNAME2

You MUST restart Certificate Services after doing this.(continue at source)

Name:			Remember personal info? Yes No
Email:
URL:
Comment:		Emoticons / Textile
Before sending a comment, you have to correctly answer a simple question you know the answer to. This is a countermeasure against automated spam bots. What are the first four letters of Techlog?     ( Register your username / Log in )
Notify:		Yes, send me email when someone replies.
Hide email:		Yes, hide my email address.
Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.