Unknown Identity
Unknown Identity 19.02.2011 07:26 (GMT+3) Web server certificate enrollment with SAN extension

Ok, I'll check TechNet again. Probably this is the case.

Unknown Identity
Unknown Identity 19.02.2011 05:19 (GMT+3) Web server certificate enrollment with SAN extension

Vadims, generally good article but I think you misunderstand the purpose of EDITF_ATTRIBUTESUBJECTALTNAME2. This flag allows a user to submit a request to the CA with specifying additional attributes containing a SAN. This is actually a very sensitive operation and not recommended to be turned on. You really only want to do this if your templates require manager approval. You should not need to turn this flag on if the certificate request itself contains the SAN extension.

Unknown Identity
Unknown Identity 25.01.2011 16:58 (GMT+3) Certificate Enrollment for System Center Operations Manager Agent

> Creating the request file for the gateway server, do I need to run the CertReq -New.... from the gateway server and then transfer this back to the certificate server in the Production.com domain? yes, you're correct.

Unknown Identity
Unknown Identity 25.01.2011 08:18 (GMT+3) Certificate Enrollment for System Center Operations Manager Agent

sorry.... wanted to include in my above question we are configured as a Enterprise CA. Thanks, Tom

Unknown Identity
Unknown Identity 25.01.2011 08:11 (GMT+3) Certificate Enrollment for System Center Operations Manager Agent

Hello, I was able to install the cert on the management server, but I'm not able to install on the Gateway server. Before I start giving specific error message, I wanted to make sure I'm doing it correctly. All of our servers are Windows 2008 R2. My Certificate server and management server are in the same domain... say, Production.com. The gateway server is in the dmz (dmz.com) which does not have a trust setup with Production.com. So my first question: Creating the request file for the gateway server, do I need to run the CertReq -New.... from the gateway server and then transfer this back to the certificate server in the Production.com domain? Thanks, tom