Install the Keyfactor SAN Attribute Policy Handler

To begin the SAN Attribute Policy Handler installation, execute the KeyfactorCAModuleInstaller.msi file from the Keyfactor installation media and install as follows.

  1. On the first installation page, click Next to begin the setup wizard.

    Figure 579: Install SAN Attribute Policy Handler: Begin Setup Wizard

  2. On the next page, read and accept the license agreement and click Next.
  3. On the next page, select the components to install. For the SAN Attribute Policy Handler, deselect all the components except the SAN Attribute Policy Handler component. If desired, you can highlight Keyfactor Custom Policy Module and click Browse to select an alternate installation location for the files. The default installation location is:

    C:\Program Files\Keyfactor\Keyfactor CA Modules

    Figure 580: Install SAN Attribute Policy Handler: Select Components

  4. On the next screen, click Install.
  5. On the final installation wizard page, leave the Launch the CA MMC snap-in now box selected and click Finish. The Microsoft Certification Authority management tool should start automatically. This can take several seconds.
  6. In the Certification Authority management tool, right-click the CA name at the top of the tree and choose Properties.
  7. In the Properties dialog for the CA on the CA Policy Module tab, click Select, highlight the Keyfactor Custom Policy Module in the Set Active Policy Module dialog and click OK.

    Figure 581: Enable the Keyfactor CA Policy Module

  8. In the Properties dialog for the CA on the CA Policy Module tab, click Properties.
  9. On the Licensing tab of the Policy Module Configuration Properties page, click Upload License and browse to locate the license file provided to you by Keyfactor. This file should have the extension CMSLICENSE.

    Figure 582: Upload the Keyfactor CA Policy Module License

  10. On the Custom Handlers tab of the Policy Module Configuration Properties page, highlight the SAN Attribute Policy Handler under Loaded Handlers, click Load to move it over to the loaded handlers, and click OK.

    Figure 583: Enable the SAN Attribute Policy Handler

  11. On the Custom Handlers tab of the Policy Module Configuration Properties page, highlight the SAN Attribute Policy Handler under Loaded Handlers and click Configure.
  12. On the SAN Attribute Policy Handler configuration dialog, select the templates that should be under management by the SAN Attribute Policy Handler and click Add. For certificate enrollments from any source that use the templates selected here, the configured CA, and a CSR enrollment method, the handler allows the addition of SANs not included in the CSR and lets you control the SAN addition functionality on a template-by-template basis, without the need to enable the Microsoft CA EDITF_ATTRIBUTESUBJECTALTNAME2 flag.

    Figure 584: Add Templates for Management with the SAN Attribute Policy Handler

  13. Click OK as many times as needed to close the configuration dialogs and save the configuration. You will be prompted to restart the CA services.
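
Because the handler controls SAN additions per template without the CA-wide EDITF_ATTRIBUTESUBJECTALTNAME2 flag, you can confirm on the CA server that the flag is not set. The PowerShell below is an added example, not part of the Keyfactor documentation. It assumes the standard AD CS registry layout (CertSvc\Configuration\<CA name>\PolicyModules\<module>\EditFlags) and the documented flag value 0x00040000. The function names are hypothetical, and no Keyfactor-specific key names are assumed.

```powershell
# Added example: report whether EDITF_ATTRIBUTESUBJECTALTNAME2 is set in the
# EditFlags value of any policy module registered for a CA on this server.
# Assumption: standard AD CS registry layout; run on the CA server itself.

$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000
$ConfigRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

function Test-SanAttributeFlag {
    # True when the SAN-from-request-attributes bit is set in an EditFlags value.
    param([int]$EditFlags)
    return (($EditFlags -band $EDITF_ATTRIBUTESUBJECTALTNAME2) -ne 0)
}

function Get-CaSanFlagReport {
    param([string]$Root = $ConfigRoot)

    # Each subkey of Configuration is one CA hosted on this server.
    foreach ($ca in Get-ChildItem -Path $Root -ErrorAction Stop) {
        $modulesPath = Join-Path $ca.PSPath 'PolicyModules'
        if (-not (Test-Path $modulesPath)) { continue }

        # Check every registered policy module rather than guessing which one
        # is active; modules without an EditFlags value are skipped.
        foreach ($module in Get-ChildItem -Path $modulesPath) {
            $prop = Get-ItemProperty -Path $module.PSPath -Name EditFlags `
                        -ErrorAction SilentlyContinue
            if ($null -eq $prop) { continue }

            [pscustomobject]@{
                CA                  = $ca.PSChildName
                PolicyModule        = $module.PSChildName
                EditFlags           = '0x{0:X8}' -f $prop.EditFlags
                SanAttributeFlagSet = Test-SanAttributeFlag -EditFlags $prop.EditFlags
            }
        }
    }
}

Get-CaSanFlagReport | Format-Table -AutoSize
```

A row with SanAttributeFlagSet equal to True means that policy module's EditFlags still has the CA-wide flag enabled, which the template-by-template control described in step 12 is meant to make unnecessary.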