Helping out a bit with the CA at work, so just putting these down here so I don’t forget later.
For managing user certificates: certmgr.msc
.
For managing computer certificates: certlm.msc
.
Using CA Web enrollment pages and SAN attributes requires EDITF_ATTRIBUTESUBJECTALTNAME2 to be enabled on your CA.
Enable it thus:
1 2 3 |
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 net stop certsvc net start certsvc |
When making a request, in the attributes field enter the following for the SANs: san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com
.