Re: Delivering certificate not in the same domain name ?

Since I run Windows 2003 Enterprise Edition, what I did was create a copy of
the existing Web Server certificate template and configured it so that the
information would be supplied in the request. Once I allowed the new
template to be used, I used the web interface (http://server/certsrv) to
request the certificate.

If you wish to support Subject Alternate Names (SAN) under Windows 2003
Certificate Services, you need to turn the option on. Note, this isn't a
setting on the certificate template. You actually have to use certutil to
turn the feature on and the stop/start certificate services. The commands
are...

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

Once you do this, you can request certificates that include the SAN
attribute.


"Pascal" <pascal_t@xxxxxxxxxxxxxxxxxx> wrote in message
news:mn.3b827d841b175097.70874@xxxxxxxxxxxxxxxxxxxxx
Thank you neo but how do you request a certificate for another domain
names than "mycompany.local" ? Through the configuration of Subject
Alternative Name ?

Thanks

Yes, you can issue certificates for other domain names other than
"mycompany.local".

Correct, if issuing self-signed certificates then a copy of the CA
certificate has to be installed on non-domain member workstations and
servers. (Member workstation/servers automatically get a copy installed
at the time of joining the active directory domain.) Once this is done,
no more prompts because a certificate can be verified back to the CA
certificate.

"Pascal" <pascal_t@xxxxxxxxxxxxxxxxxx> wrote in message
news:mn.13097d848c1e7cbc.70874@xxxxxxxxxxxxxxxxxxxxx
Hello,

another question ;-)

If I am installing an enterprise Windows certificate authority, the
delivered certificates have to be delievered only for the same domain
name as my active directory domain name ?

For example, if my domain is "mycompany.local", does it mean that only
certificates for *.mycompany.local can be delivered or I can deliver a
certificate for "www.mywebsite.com" ?

If I can deliver a certificate for www.mywebsite.com and I install the
root certificate of my enterprise CA in the client computer, this
computer will not have any warning message, so ?

Thank you

-- Pascal



--
Pascal




.

Relevant Pages

  • RE: updates after format
    ... if the Microsoft Server is down. ... software you are installing has not passed Windows Logo testing verify its ... When you try to download an ActiveX control, install an update to Windows ... and you do not have the appropriate certificate in your Trusted Publishers ...
    (microsoft.public.windows.mediacenter)
  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Re: Windows Update repeats
    ... You cannot install some updates or programs ... to a Windows component, install a service pack for Windows or for a Windows ... The Microsoft digital signature affirms that software has been tested with ... Publishers certificate store. ...
    (microsoft.public.windowsupdate)
  • Re: sfc /scannow wont run
    ... or upgrade installs but I definitely know retail versions do. ... If you have Windows XP Pro installed then do not purchase a Windows XP Home ... This behavior can occur if the certificate for VeriSign time stamping ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: How do i modify the certificates produced by MS Certsrv
    ... This cannot be achieved with a Windows 2000 enterprise CA, ... pages to inlcude a full DN in the certificate subhect in the request. ... > However acording to an extremely vague KB article on the Checkpoint KB you> have to modify the ASP code that produces certificates so that the full LDAP ...
    (microsoft.public.win2000.security)