Question
Wednesday, January 25, 2012 9:31 PM
I am trying to create certificates for use with HP ilo.
The default request created is a blob between BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST.
In other words not an inf type file that I can edit.
The certificate created when I use the above request uses the short name of the machine for the Subject Name. I would like to add the fqdn, and the ip address to the subject alternative name field, so I can connect with either:
shortname, fqdn, or ip address, and not get a certificate error popup.
What is the syntax to do this with certreq?
All replies (3)
Thursday, January 26, 2012 12:38 AM ✅ Answered
To do this, you must enable the Subject Alternative Name option at the CA (this is required because the SAN is not part of the original request, but tagged on during submission of the request).
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc
Then resubmit the request using the same command as your previous post
Brian
Wednesday, January 25, 2012 10:01 PM
Further digging had me construct the following command:
certreq -submit -attrib "CertificateTemplate:HPilo\nSAN:dns=ilo-veeam.mshs.com&ipaddress=10.0.10.27" ilo-veeam.req.txt
Unfortunately the certificate issued did not have any Subject Alternative Name information.
Thursday, January 26, 2012 6:18 AM
However, I would advise avoiding this flag usage, because it is unsafe. General guidance is described here:
http://technet.microsoft.com/en-us/library/ff625722(WS.10).aspx
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
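
Following the warning in the last reply, one way to check whether a CA currently has EDITF_ATTRIBUTESUBJECTALTNAME2 enabled, since with it set the CA honors SAN values passed as request attributes on submission. This is an added example, not part of the thread; the function names are hypothetical, and the registry layout assumes the values that `certutil -getreg policy\EditFlags` reads for the active policy module.

```powershell
# Added example (not from the thread). Run in an elevated shell on the CA server.
# Assumption: EditFlags lives under the CA's active policy module key,
# the same value that "certutil -getreg policy\EditFlags" displays.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000

function Test-SanAttributeFlag {
    param([Parameter(Mandatory)][int]$EditFlags)
    # True when the CA accepts SAN values supplied as request attributes.
    return (($EditFlags -band $EDITF_ATTRIBUTESUBJECTALTNAME2) -ne 0)
}

function Get-CaEditFlags {
    $cfg = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    # "Active" names the CA configured on this server.
    $caName = (Get-ItemProperty -LiteralPath $cfg -Name Active -ErrorAction Stop).Active
    $pm = Join-Path (Join-Path $cfg $caName) 'PolicyModules'
    # "Active" here names the policy module in use.
    $module = (Get-ItemProperty -LiteralPath $pm -Name Active -ErrorAction Stop).Active
    $key = Join-Path $pm $module
    $flags = (Get-ItemProperty -LiteralPath $key -Name EditFlags -ErrorAction Stop).EditFlags
    [pscustomobject]@{ CA = $caName; PolicyModule = $module; EditFlags = [int]$flags }
}

try {
    $ca = Get-CaEditFlags
} catch {
    Write-Error "Could not read the CA configuration (is AD CS installed and the shell elevated?): $_"
    return
}

if (Test-SanAttributeFlag -EditFlags $ca.EditFlags) {
    Write-Warning ("{0}: EditFlags=0x{1:X8}, EDITF_ATTRIBUTESUBJECTALTNAME2 is SET." -f $ca.CA, $ca.EditFlags)
    Write-Host 'To clear it again once the certificate has been issued:'
    Write-Host '  certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2'
    Write-Host '  net stop certsvc'
    Write-Host '  net start certsvc'
} else {
    Write-Host ("{0}: EditFlags=0x{1:X8}, EDITF_ATTRIBUTESUBJECTALTNAME2 is not set." -f $ca.CA, $ca.EditFlags)
}
```

The check only reads the registry; the flag change it prints takes effect after the certsvc restart, as in the answer above.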