student-g
asked on
Can windows 2003/2008 CA be used to create self signed SSL certificates with a working SAN fields, ie (no explantion marks in certs)
I recently read question
"How do I use a SAN certificate on exchange 2007 to work with a windows mobile 6 device?"
I am in a similar position to Mandev23. I have standalone root CA. This is used to create certs of external systems. A cert for exchanges webmail would be an example of its use. An enterprise subordinate is used for an internal dev AD. Smartcard certs would be a typical use for the sub ordinate
when I remove the SAN fiield from exchanges certificate request.. and only use the common name..every thing works. As soon as I use self signed certs with SAN fields (explanation marks in the field) my symbian phones stop working.
It seems that RPC/HTTPS clients are not affected, and provided they have the root CA in their cert store..all works well.
"How do I use a SAN certificate on exchange 2007 to work with a windows mobile 6 device?"
I am in a similar position to Mandev23. I have standalone root CA. This is used to create certs of external systems. A cert for exchanges webmail would be an example of its use. An enterprise subordinate is used for an internal dev AD. Smartcard certs would be a typical use for the sub ordinate
when I remove the SAN fiield from exchanges certificate request.. and only use the common name..every thing works. As soon as I use self signed certs with SAN fields (explanation marks in the field) my symbian phones stop working.
It seems that RPC/HTTPS clients are not affected, and provided they have the root CA in their cert store..all works well.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was not able to use certreq but was able to generate valid certs. I copied and pasted the requests into http://server/cert/svr website for as standard web certificate and added the attributes manualy.
thank for pointing me in the right direction
thank for pointing me in the right direction
ASKER
many thanks in advance, I'll try the above asap. I have prevsiouly tried to do something simlilar but inject the san options via web interface provided by IIS.