Device certificate profile with SAN DNS= {{FullyQualifiedDomainName}} doesn't work

Regular Contributor

I've created a certificate profile to push device certificates to Windows 10 computers.  After struggling with the certificate requests failing for a while, I finally got it to issue certificates, but one of the SANs is missing.  


Initially the profile was set to use a Subject name of {{AADdeviceID}}, with a SAN of DNS={FullyQualifiedDomainName}}.  What seems to have got it working is to add a second SAN of DNS={{DeviceName}}, but looking at the certificate that was issued, it has only the second SAN.  The FQDN is not listed anywhere on the certificate.  

Has anyone set up a PKCS certificate profile that successfully issues device certificates with the FQDN as a subject name or SAN?  


What would cause the certificate to be issued without the additional SAN?

0 Replies