I have a CSR generated by an older Dell RAC. It does not include SAN, and I cannot extract the private key off the card. So, I want to add the SAN attributes in my Windows 2019 CA server using the +EDITF_ATTRIBUTESUBJECTALTNAME2 flag (I know of the "dangers" of enabling this flag, but this is a case that requires it).
The steps in "Subject Alternative Name not added to certificate" do NOT work for me.
It returns the error "Certificate not issued (Denied) Denied by Policy Module The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)" regardless of whether I use web enrollment or certreq in a command prompt.
If I remove the flag with -EDITF_ATTRIBUTESUBJECTALTNAME2, the certificate is issued, but without the SAN.
How do I make it work?
Do I need to edit the web-server template to get this to work?
(PS: "Unable to issue certificates after enabling SAN?" talks about getting a validity period error. I don't receive that error, only the "The parameter is incorrect. 0x80070057" error.)