SSL Certifcate Request s2003 DC CA DNS Name not Avaiable.
- by Beuy
I am trying to submit a request for an SSL certificate on a Domain Controller in order to enable LDAP SSL, and having no end of problems.
I am following the information provided at http://support.microsoft.com/default.aspx?scid=kb;en-us;321051 & http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl
Steps taken so far:
Create Servername.inf with the following information
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$
[NewRequest]
Subject = "CN=servername.domain.loc" ; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 1024
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------------------------------
Create Certificate request by running: certreq -new Servername.inf Servername.req
Attempt to submit Certificate request to CA by running: certreq -submit -attrib "CertificateTemplate: DomainController" request.req
At which point I get the following error:
The DNS name is unavailable and cannot be added to the Subject Alternate Name.
0x8009480f (-2146875377)
Trouble shooting steps I have taken so far
1. Modify the Domain Controller Template to supply Subject Name in Request restart Certificate Service, include SAN in Request, same error.
2. Re-installed Certificate Services / IIS / Restarted machine countless times
Any help resolving the issue would be greatly appreciated.
