If You are using Local Certificate Authority more the often there is a need to enrol Certificate with Subject Alternative Name. Buy when we open Certificate MMC Snap-in the only template we can use to request Certificate is Computer.
The Work around this problem is quite simple we just need to assign Server account ritght to enrol certificate using Web Server template.
Assign Web Server Template to Computer Account
1. Logon to Certificate Authority Server and open Certificate Authority management.
2. Click on Certificate Templates and form Action menu select Manage
3. Next find Web Server and form context menu select properties.
4. In Security Tab add Computer Account (remember to select object type Computers) and assign Read and Enroll rights
Now assigned computer have rights to Enroll certificate using Web Server Template.
Generate Certificate for computer using Web Server Template with Subject Alternative Name
1. Now let’s get back to Computer that is in need for Certificate with Subject Alternative Name and open Certificate MMC Snap-in for Computer Account.
2. Let’s Request new Personal Certificate
3. Now we will be able to Select Web Server Template and configure its properties.
4. The bare minimum we need to fill is:
Common name (CN=) – The default Name of Computer
DNS (DNS Name=) – All the Subject Alternative Names You need.
And the Last thing is to assign Certificate to Bindings and restart the IIS.