**Camelot wrote:**
> Ok, if you are aware of these risks, then the following syntax must be used:
> ```
> Submit-CertificateRequest <parameters> -Attribute "san:dns=www.example.com&dns=sip.example.com"
> ```
We did the following tests:
1. `Submit-CertificateRequest -Path d:\temp\acertRequest.cer -CertificateAuthority $myCA -Attribute 'CertificateTemplate:TestServerInternalStandard','san:dns=testname1.infineon.com&dns=testname2.infineon.com'`
   In this case only the required by the CA Template was taken.
2. `Submit-CertificateRequest -Path d:\temp\acertRequest.cer -CertificateAuthority $myCA -Attribute 'san:dns=testname1.infineon.com&dns=testname2.infineon.com','CertificateTemplate:TestServerInternalStandard'`
   In this case only the SANs were taken and not the Template, which resulted in a "Requeststatus denied" as our CA requires a Templatename.
Do you have an idea what we got wrong? Our CA is hosted on a Win2008 R2 Server.
Thanks Andreas
Comments: Hi Camelot, we have now found the solution. My colleague, as CA-Administrator, enabled the Extensions for SAN as you advised in your first reply. Now the SANs are also part of the final certificate, as we required. In the discussion about security we considered replacing the current __Enterprise CA__ with a __Standalone CA__. My question now is: are the __Functions__ still working when contacting a Standalone CA, and how can I get a CA-Object when calling the Function Get-CertificationAuthority? E.g. I use __Get-CertificationAuthority__ to get CA-Information, __Submit-CertificateRequest__, which contains a CA Parameter, and finally __Get-IssuedRequest__, which also has a CA Parameter for Certificate Download from the CA. Again many thanks, Andreas
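
An added example, not part of the original thread: a check to run on the CA server that reports whether the CA honours SAN values passed as request attributes. It assumes the "Extensions for SAN" setting mentioned above is the policy-module flag `EDITF_ATTRIBUTESUBJECTALTNAME2` (0x00040000); the function name `Test-SanAttributeFlag` is hypothetical.

```powershell
# Added example (not from the thread). Run locally on the CA server.
# Assumption: "Extensions for SAN" refers to EDITF_ATTRIBUTESUBJECTALTNAME2.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000
$configRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

# Hypothetical helper: true when the SAN-from-attributes bit is set in EditFlags.
function Test-SanAttributeFlag {
    param([int]$EditFlags)
    return (($EditFlags -band $EDITF_ATTRIBUTESUBJECTALTNAME2) -ne 0)
}

# Each subkey of Configuration is one CA instance hosted on this server.
Get-ChildItem -Path $configRoot -ErrorAction Stop | ForEach-Object {
    $policyRoot = Join-Path $_.PSPath 'PolicyModules'
    # "Active" names the policy module in use; its subkey holds EditFlags.
    $active = (Get-ItemProperty -Path $policyRoot -Name Active).Active
    $flags  = (Get-ItemProperty -Path (Join-Path $policyRoot $active) -Name EditFlags).EditFlags

    [pscustomobject]@{
        CA                = $_.PSChildName
        PolicyModule      = $active
        EditFlags         = '0x{0:X8}' -f $flags
        # True means "san:" request attributes, as in the tests above, end up
        # in issued certificates for every template the requester can enroll in.
        SanFromAttributes = Test-SanAttributeFlag $flags
    }
}
```

A `SanFromAttributes` value of `True` is the condition the quoted risk warning refers to, so it is worth recording in the CA's change log and re-checking after the migration discussed in the comment.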