IT Consultant Everyday Notes

Just some problems/solutions storage

PKI: Enable SAN support on Microsoft CA after server migration.


I migrated my Lab Enterprise CA from Windows Server 2008 R2 to Windows Server 2012 R2. I tried in-place upgrade. Everything seemed to be fine until I tried to request a SAN certificate from it.

It looks like this feature was lost in migration and I needed to re-enable it using

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

command (one line).


Do NOT forget to restart the CA service – the commend makes changes in registry.

More information about SANs and why you may decide to not enable them in this Technet Article

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: