Create Certificate with SAN

Recently we needed to create a certificate for Office Web Apps, which required a SAN to be added to the cert. We only have a root CA in our environment, but here's a quick rundown of what we did to generate this certificate:

Log on locally to your root CA and open Server Manager > Expand Roles > Active Directory Certificate Services > Certificate Templates.

Find the Web Server template, right-click it and choose "Duplicate Template". Next select the template version; for us we had to choose Windows Server 2003 Enterprise in order for it to show in our web interface:

After clicking OK you can customise your template. For Office Web Apps we set the Template Name, then on the Request Handling tab ticked the "Allow private key to be exported" box and clicked OK; all the other defaults are fine for this purpose. After clicking OK, double-check that your new template has been added to the list; if not, check that you created it correctly. If it is there, you then need to add it to your root CA's Certificate Templates: expand your root CA, click on Certificate Templates, right-click and choose Certificate Template to Issue.

Choose your certificate from the list and confirm it has been added.

Now open an Internet Explorer window as admin. Navigate to https://localhost/certsrv (you may need to accept the certificate warning). Once in, choose Request a certificate > submit an advanced certificate request > Create and submit a request to this CA (if you have generated your request via IIS you can choose the other option here, but for our purpose we will be choosing the first option). Here's where you should see your newly created certificate template (in the drop-down):

Choose your template and fill out the identifying information. Make sure you tick the "Mark keys as exportable" box. Now we need to add the SAN details. In the Attributes box, add the SANs you require in the following format:

san:dns=srvwac01.contoso.com&dns=officewebapps.contoso.com

To tell it apart from other certificates you may wish to add a Friendly Name (e.g. Office Web Apps Cert).

Click Submit and the certificate will be installed in your CA's personal store; simply export it with the private key and you can then use it on your Office Web Apps server.
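The same end result, scripted, as an added example that is not part of the original post: it covers the request step (the SANs from the Attributes box) and the final check that the issued certificate really carries them. One caveat worth knowing before relying on the web-enrollment method above: the CA only honours a requester-supplied `san:` attribute when its EditFlags include EDITF_ATTRIBUTESUBJECTALTNAME2, and with that flag set any enrollee can choose arbitrary SANs on any template the CA issues, so many environments leave it off. The script below instead puts the SANs into a proper Subject Alternative Name extension (OID 2.5.29.17) inside the request, which works on the duplicated Web Server template without that flag, and it ends with a `certutil` read of the CA's EditFlags so you can see which mode your CA is in. The template name `OfficeWebAppsWebServer`, the CA config string `CA01.contoso.com\Contoso-Root-CA` and the working directory are placeholders; the DNS names are the ones from the post. Run it in an elevated PowerShell session on the machine that should hold the private key.

```powershell
# Added example (not from the original post): request a certificate with SANs from
# AD CS via certreq + INF, install it, verify the SAN list, then export a PFX.
# Placeholders: template name, CA config string ("<CA host>\<CA common name>").

$templateName = 'OfficeWebAppsWebServer'           # placeholder: your duplicated Web Server template
$caConfig     = 'CA01.contoso.com\Contoso-Root-CA'  # placeholder: output of "certutil -dump" shows the real one
$sanDnsNames  = @('srvwac01.contoso.com', 'officewebapps.contoso.com')
$workDir      = Join-Path $env:TEMP 'wac-cert'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
$infPath = Join-Path $workDir 'wac.inf'
$reqPath = Join-Path $workDir 'wac.req'
$cerPath = Join-Path $workDir 'wac.cer'
$pfxPath = Join-Path $workDir 'wac.pfx'

# Single-quoted here-string so "$Windows NT$" is written literally, not interpolated.
# Exportable = TRUE is the INF equivalent of ticking "Mark keys as exportable".
$infHeader = @'
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=__SUBJECT__"
Exportable = TRUE
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
FriendlyName = "Office Web Apps Cert"

[Extensions]
2.5.29.17 = "{text}"
'@

# SAN extension lines use the documented certreq syntax: one "_continue_" per name,
# each ending in "&" (same dns= vocabulary as the post's Attributes box).
$sanLines = $sanDnsNames | ForEach-Object { "_continue_ = `"dns=$_&`"" }
$infTail  = @("", "[RequestAttributes]", "CertificateTemplate = `"$templateName`"")

$inf = (@($infHeader.Replace('__SUBJECT__', $sanDnsNames[0])) + $sanLines + $infTail) -join "`r`n"
Set-Content -Path $infPath -Value $inf -Encoding Ascii

# Generate key pair + PKCS#10 request, submit to the CA, install the issued cert.
certreq -new -q $infPath $reqPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed ($LASTEXITCODE)" }
certreq -submit -q -config $caConfig $reqPath $cerPath
if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed ($LASTEXITCODE); request may be pending approval" }
certreq -accept -q $cerPath
if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed ($LASTEXITCODE)" }

function Test-CertificateSan {
    # Returns $true only if every expected DNS name appears in the cert's SAN list.
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string[]]$ExpectedDnsNames
    )
    # DnsNameList is the PowerShell type extension on X509Certificate2 (locale-independent,
    # unlike the text from $ext.Format()).
    $present = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })
    $missing = @($ExpectedDnsNames | Where-Object { $present -notcontains $_ })
    return ($missing.Count -eq 0)
}

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$($sanDnsNames[0])" } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert)                { throw 'Issued certificate not found in LocalMachine\My' }
if (-not $cert.HasPrivateKey)  { throw 'Certificate has no private key attached' }
if (-not (Test-CertificateSan -Certificate $cert -ExpectedDnsNames $sanDnsNames)) {
    throw "SAN check failed; names on cert: $(($cert.DnsNameList | ForEach-Object { $_.Unicode }) -join ', ')"
}
"OK: $($cert.Thumbprint) covers $($sanDnsNames -join ', ')"

# Export with the private key for the Office Web Apps server (passphrase-protected PFX).
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX passphrase'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# CA-side check: shows the CA's EditFlags. If EDITF_ATTRIBUTESUBJECTALTNAME2 is listed,
# the CA accepts requester-chosen "san:" attributes (the post's web-enrollment method);
# the INF-based request above does not need it.
certutil -config $caConfig -getreg policy\EditFlags
```

The SAN extension travels inside the signed request, so the CA treats it as part of what the template allows rather than as a free-form attribute, and the final `Test-CertificateSan` call is the step to keep even if you stay with the web interface: it catches a request where the Attributes box was ignored and the cert came back with only the subject CN.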

Hope it helps!
