Certificate request not adding SAN

We just installed a CA in our labs and I needed to generate a certificate with a SAN but it seemed that when I ran through the request via the web interface it just ignored the SAN attribute.

Turns out you need to configure your CA to issue Certs with SAN, it’s pretty simple, from an admin command prompt on the CA run:

 

certutil -setreg policyEditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc && net start certsvc

 

After that it recognized the san attribute.

Hope it helps!

About the author