Force Microsoft NDES to add DNS into SAN of requested certificate?

%3CLINGO-SUB%20id%3D%22lingo-sub-1799092%22%20slang%3D%22en-US%22%3EForce%20Microsoft%20NDES%20to%20add%20DNS%20into%20SAN%20of%20requested%20certificate%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1799092%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3Eis%20it%20possible%20to%20force%20Microsoft%20NDES%20to%20add%20DNS%20(with%20FQDN)%20to%20SAN%20in%20requested%20certificate%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20use%20NDES%20for%20distributing%20802.1x%20certificates%20to%20our%20clients.%20We%20use%20NPS%20as%20RADIUS%20server%20which%20requires%20certificate%20to%20have%20DNS%20in%20its%20SAN.%20Possible%20solution%20would%20be%20to%20disable%20this%20NPS%20requirement%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20seems%20possible%2C%20because%20NDES%20Intune%20connector%20seems%20to%20do%20it.%20But%20I%20didn't%20find%20any%20registry%20key%20etc.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1799092%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Visitor

Hi,

is it possible to force Microsoft NDES to add DNS (with FQDN) to SAN in requested certificate?

 

I want to use NDES for distributing 802.1x certificates to our clients. We use NPS as RADIUS server which requires certificate to have DNS in its SAN. Possible solution would be to disable this NPS requirement :)

 

It seems possible, because NDES Intune connector seems to do it. But I didn't find any registry key etc.

0 Replies