I am trying to get certificates with Subject Alternative Names going in my enterprise. I currently have an enterprise root CA running on Windows 2003 R2 Enterprise. The CA cert has been imported to all of my domain members via group policy years ago. That is working fine. I have a new Windows 2008 R2 Enterprise server which is a subordinate (enterprise?) CA. What I need to be able to do is issue Web Server and Computer certificates with Subject Alternative Names for some web servers and other servers related to Remote Desktop Gateway and Session Host servers.
The Technet Article "How to Request a Certificate With a Custom Subject Alternative" <http://technet.microsoft.com/en-us/library/ff625722(WS.10).aspx> says that I should not enable EDITF_ATTRIBUTESUBJECTALTNAME2 because it's a security problem for Enterprise CAs.
When following the instructions for Certificate Enrollment wizard with an enterprise CA, the Web Server Certificate is not available. Only the Computer template is available. It says that I don't have permissions to request the other certificate types.
When I have my new subordinate CA running, my plan is to power down my W2K3R2 root CA.
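
A defender-side check for the flag mentioned in the post, added here as an example and not part of the original post: this PowerShell reads the EditFlags value of each policy module on the local CA and reports whether EDITF_ATTRIBUTESUBJECTALTNAME2 (bit 0x00040000) is set. It assumes the default AD CS registry layout and is meant to be run on the CA server itself; the function name Test-SanAttributeFlag is hypothetical.

```powershell
# Added example: audit a CA's policy-module EditFlags for
# EDITF_ATTRIBUTESUBJECTALTNAME2. Run locally on the CA with admin rights.
# Written to work on PowerShell 2.0 (Windows Server 2008 R2).

$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000   # bit value of the flag

# Hypothetical helper: true when the SAN-attribute bit is set in EditFlags.
function Test-SanAttributeFlag {
    param([Parameter(Mandatory = $true)][int]$EditFlags)
    return (($EditFlags -band $EDITF_ATTRIBUTESUBJECTALTNAME2) -ne 0)
}

# Default location of AD CS configuration; one subkey per CA name.
$configRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

if (-not (Test-Path $configRoot)) {
    Write-Warning "No AD CS configuration found under $configRoot"
    return
}

Get-ChildItem -Path $configRoot | ForEach-Object {
    $caName     = $_.PSChildName
    $policyRoot = Join-Path $_.PSPath 'PolicyModules'
    if (-not (Test-Path $policyRoot)) { return }   # skip keys without policy modules

    Get-ChildItem -Path $policyRoot | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -Name EditFlags -ErrorAction SilentlyContinue
        if ($null -eq $props) { return }           # module has no EditFlags value

        $flags = [int]$props.EditFlags
        New-Object PSObject -Property @{
            CA             = $caName
            PolicyModule   = $_.PSChildName
            EditFlagsHex   = ('0x{0:X8}' -f $flags)
            SanAttributeOn = (Test-SanAttributeFlag -EditFlags $flags)
        } | Select-Object CA, PolicyModule, EditFlagsHex, SanAttributeOn
    }
}
```

A row with SanAttributeOn set to True means that CA accepts a SAN passed as a request attribute, which is the setting the TechNet article advises against on an enterprise CA. `certutil -getreg policy\EditFlags` shows the same value for the active policy module.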