

ranmojo

Subject Alternative Names for Distribution Point Certificate?


Hello everyone,

I am setting up IBCM and am looking at the DP cert requirements. In the TechNet documentation and walkthroughs, this cert is often configured for auto-enrollment from ADCS with the private key marked exportable. There's no mention of Subject Alternative Names... but my spidey sense is that I need them to share the cert properly. My question is, if I have a primary site server and an Internet site server (for IBCM), would I need to request this cert with SANs? Would the SANs need to include the internal server name, the external server name, AND the Internet FQDN name? And then I would install this cert on both servers?

(Update) I failed slightly at reading comprehension; a different TechNet page than I originally reviewed DOES at least say this about the DP cert:

https://technet.microsoft.com/en-us/library/gg699362.aspx

"There are no specific requirements for the certificate Subject or Subject Alternative Name (SAN), and you can use the same certificate for multiple distribution points. However, we recommend a different certificate for each distribution point."

Interesting. So I can share the cert, but they suggest not to. And the SAN doesn't seem to matter. But is this really true? Can anybody who's implemented this verify one way or the other how they did it?

Thanks.
