Info: How to use the feature: Automatically include the CN as a SAN with an MS CA

Applies To

All versions of Venafi TPP that support the option.


The Microsoft Certificate Services CA must be configured properly to allow SANs to be added to a certificate issued from their CA.  The TPP Documentation has a section on how to do this titled 

About using a Microsoft Certificate Services CA



The following setting must be configured in the CA template.

NOTE: This will NOT cause manual disruption of the certificate renewal process in Venafi!



These are found by loading the Certificate Templates MMC, finding the actual certificate template, and modifying it. The Certificate Server services MMC will not have this ability.

More Information

Checking the appropriate box (depending on your CA setup) is required per Microsoft.

Despite the text of these highlighted boxes, no manual approval at the CA site is required (unless other configuration values are set that specifically require it).  TPP handles all required approvals.  This can be confusing because the text is misleading, but it is the correct way to configure your MS CA template properties.

Was this article helpful?
0 out of 1 found this helpful