Windows: How to generate a SAN certificate via Web enrollment

In environments where you have a Microsoft PKI Infrastructure (AD CA) setup, you can create new certificates via web enrolment: https://ca-server/CertSrv This is straight forward for single-name certificates. If you wish to have multiple names for a certificate (Subject Alternative Names = SAN), you need a certain syntax in the "Atrributes" field of the web page: san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com You can add as many names as you want, separated by "&". Important: Read more [...]