Re: Adding a subject alternative name to a request...

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 11/09/04


Date: Tue, 9 Nov 2004 05:16:02 -0800

This whitepaper should help you:

advanced certificate enrollment:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Sebastian Rieger" <sebastian.rieger@gwdg.de> wrote in message 
news:Oc8txjaxEHA.2192@TK2MSFTNGP14.phx.gbl...
> Hi All,
>
> I'm looking for a possibility to add a subject alternative name 
> (2.5.29.17) extension to an existing request either with a windows script, 
> an asp script or preferably from the command line. I tried adding it by 
> using:
>
> certutil -setextension <req_id> 2.5.29.17 0 "DNS-Name=test.test.com"
>
> the extension was added (I can see it using -dump) but it's value is 
> listed as "unknown type". Afterwards I tried to add the extension using a 
> hex file containing 0x82 0x<length of FQDN> ... didn't do any better... 
> dump keeps telling me (on the issued cert):
>
>     2.5.29.17: Flags = 0, Lšnge = a
>     Alternativer Antragstellername
>     Unbekannter Erweiterungstyp
>
>     0000  82 1d 77 77 77 2e 74 65  73 2e 64 65              ..www.tes.de
>
> Any advice / help appreciated!
>
> Sebastian Rieger