Applies To
All versions of Venafi TPP that support the option.
Summary
The Microsoft Certificate Services CA must be configured properly to allow SANs to be added to a certificate issued from their CA. The TPP Documentation has a section on how to do this titled
About using a Microsoft Certificate Services CA
Details
The following setting must be configured in the CA template.
NOTE: This will NOT cause manual disruption of the certificate renewal process in Venafi!
or
These are found by loading the Certificate Templates MMC, finding the actual certificate template, and modifying it. The Certificate Server services MMC will not have this ability.
More Information
Checking the appropriate box (depending on your CA setup) is required per Microsoft.
Despite the text of these highlighted boxes, no manual approval at the CA site is required (unless other configuration values are set that specifically require it). TPP handles all required approvals. This can be confusing because the text is misleading, but it is the correct way to configure your MS CA template properties.
Comments