This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 61%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMF%3C/text%3E%3C/svg%3E)
Hi All,
Whenever I connect to Winrm over https it only works via FQDN because the ssl cert subject or subject alternative name only has the FQDN.
Has anyone successfully been able to autoenroll with both shortname and FQDN in the cert. The cert template does not provide an option for shortname AFAIK.
Looks like a common issue but I doubt leaving the subject name as blank is the answer given in spiceworks:
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
If in the SAN value in the certificate you have only one FQDN , you can connect to this server only with this FQDN to use Winrm over https. Because the certificate accept only once name mentioned in the SAN. It is the limitation when you choose to use auto enrollment to generate a server certificat.
If you want use another name , you have to create new computer or server certificate template in order to generate manually new certificate with the list of all server FQDN in the SAN Subject alternative Name.
The link below can help you to set the new template:
web-server-certificate-enrollment-with-san-extension.aspx
Please don't forget to mark helpful reply as answer
Hi Thameur
Thanks that is very helpful. I will test out with a new template and automating via a cmdline/script. I need this for every Windows VM which is built and also renew or push out the new cert to existing boxes.
Thanks again
Merve
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.999999999999996%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVW%3C/text%3E%3C/svg%3E)
Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Vicky
Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Vicky
Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Vicky