Windows: How to generate a SAN certificate via Web enrollment

In environments where you have a Microsoft PKI (AD CA) set up, you can create new certificates via web enrollment:

https://ca-server/CertSrv

This is straightforward for single-name certificates. If you wish to have multiple names on a certificate (Subject Alternative Names = SAN), you need to enter the following syntax in the "Attributes" field of the web page:

san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com

You can add as many names as you want, separated by "&".

Important: With the latest versions of Chrome and other browsers, SANs are mandatory. This means you have to provide both the subject name and the SAN. Always include the name you used for the subject name in the SAN as well.
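
The attribute syntax and the subject-in-SAN rule above, as an added Python helper that is not part of the original post: it builds the string for the "Attributes" field with the subject name always included, and checks an existing string before you submit it. The function names are illustrative, and the host names are the sample ones from the string shown above.

```python
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_dns_name(name):
    """True for a plausible DNS host name, optionally with a leading '*.' wildcard."""
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    if labels[0] == "*":
        labels = labels[1:]
    return bool(labels) and all(_LABEL.match(label) for label in labels)


def build_san_attribute(subject_name, extra_names=()):
    """Return 'san:dns=...&dns=...' with the subject name always listed first."""
    names, seen = [], set()
    for raw in (subject_name, *extra_names):
        name = raw.strip()
        # '&' and '=' are separators in the attribute syntax, so a name that
        # contains them (or any other non-DNS character) is rejected.
        if not is_dns_name(name):
            raise ValueError(f"not a valid DNS name: {raw!r}")
        if name.lower() not in seen:  # DNS names compare case-insensitively
            seen.add(name.lower())
            names.append(name)
    return "san:" + "&".join(f"dns={n}" for n in names)


def missing_subject(subject_name, attribute):
    """True if an existing attribute string lacks the subject name as a dns= entry."""
    if not attribute.lower().startswith("san:"):
        return True
    entries = [e.partition("=") for e in attribute[4:].split("&")]
    dns = {value.strip().lower() for key, _, value in entries
           if key.strip().lower() == "dns"}
    return subject_name.strip().lower() not in dns


if __name__ == "__main__":
    # Constructed sample names, taken from the attribute string shown above.
    print(build_san_attribute("corpdc1.fabrikam.com", ["ldap.fabrikam.com"]))
```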
