How fun! I linked to this on last weekend's weekly roundup and am just now getting around to letting you know. (I guess we were busy celebrating Easter!) Thanks so much for sharing!
Ok, I'll check TechNet again. Probably this is the case.
Vadims, generally good article but I think you misunderstand the purpose of EDITF_ATTRIBUTESUBJECTALTNAME2. This flag allows a user to submit a request to the CA with specifying additional attributes containing a SAN. This is actually a very sensitive operation and not recommended to be turned on. You really only want to do this if your templates require manager approval.
You should not need to turn this flag on if the certificate request itself contains the SAN extension.
> Creating the request file for the gateway server, do I need to run the CertReq -New.... from the gateway server and then transfer this back to the certificate server in the Production.com domain?
yes, you're correct.
sorry.... wanted to include in my above question we are configured as a Enterprise CA.
© 2008 - 2020 - Sysadmins LV. All rights reserved