Is it possible to create an internal SSL certificate with Subject Alternative Names

certificate ssl-certificate iis-7 active-directory exchange-2010

Solution 1:

You have to enable SANs on the CA server:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

Solution 2:

A Windows CA certainly can issue a certificate with a Subject Alternate Name, you just need to make a little tweak on the certificate server.

Run the following commands one after another in cmd.exe (you'll need to elevate on Windows Server 2008 or later).

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

You should probably run through Security best practices for allowing SANs in certificates on TechNet before you do, for some things to be aware of.

Related

Best error code for 'generic error'
5 second resolving delay
Stop DHCP client from receiving old IP address on new VLAN
When setting up OpenLDAP for the first time, what are some things to keep in mind?
BackupPc fails with SIGPIPE
Need for Speed Rivals (PC) Buggy Audio
How do you deliberately wake up a monster in a den?
How to assign active skills in Wolcen?
How can I fix my Switch's resolution in docked mode?
Can I increase the power of my Garland of Greatness after the G-Lover seasion has ended?
Can you take off your custom skin's layers in Minecraft Pocket Edition?
Booting up Overwatch stuck on blank screen?