Utiliser une autorité de certification interne pour les SAN Exchange 2007/2010
Suite à un échange avec Frédéric BAYEUX sur les certificats SAN et les autorités de certification MICROSOFT intégrées aux serveurs Windows, il me disait avoir du chercher la commande pour autoriser les certificats SAN...
Donc je me suis dit qu'il fallait le remettre en avant!
Submitting the SAN Certificate to a Microsoft Certificate Authority
With the SAN SSL certificate request generated, we can submit it to our Microsoft CA, or almost that is. The reason I why I say so, is because by default a Microsoft CA cannot handle certificates with the SAN field properly. To fix this issue log on to the Domain Controller and open a command prompt window, then type the following command:
Certutil –setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
Now restart Certificate Services (CertSVC) service on the Microsoft CA server (Domain Controller) in order to have the changes applied
We’re now ready to submit the certificate request to the Microsoft CA. One way to do this is to open a browser and type http://dc_name/certsrv. On the Welcome page, click Request a certificate
/http%3A%2F%2Fblog.hametbenoit.info%2FLists%2FPosts%2FAttachments%2F443%2Fimage_thumb_6_7CE6C925.png)
/https%3A%2F%2Fassets.over-blog.com%2Ft%2Fcedistic%2Fcamera.png)