Microsoft Knowledge Base Article
This article's content is Microsoft copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Article ID: 275528 - Last Review: December 3, 2007 - Revision: 5.4
Windows Server 2003 Does Not Use the DNS Name as Certificate Subject
This article was previously published under Q275528
In Windows 2000, the Domain Name System (DNS) name of a
computer is embedded as the subject in computer certificates used for computer
and domain controller authentication. Windows 2000-based computers with DNS
names that are longer than 64 characters are not automatically enrolled for
computer certificates in Windows 2000-based and Windows Server 2003-based
Enterprise Certificate Authorities.
In Windows Server 2003, the DNS
name of the computer is not embedded as the subject. Therefore, Windows Server
2003-based computers do not encounter this problem.
The DNS name appears in the common name of the subject name
in certificates that are issued by Windows 2000-based Certificate Authorities.
This is an option that is supported by many Secure Sockets Layer (SSL) clients.
The common name of the subject name is defined in the X.500 specification to
have a maximum length of 64 characters, which conflicts with the DNS
name-length limit of 255 characters. By editing the template in Windows Server
2003, it is possible to reinsert the subject field. However, this still does
not function with DNS names that are longer than 64 characters.
The following event is generated if the automatic enrollment of a computer does not
succeed on a Windows 2000-based computer because of a DNS name that is too
long:
Event Type: Warning
Event Source: Winlogon
Event Category: None
Event ID: 1010
Date: 9/27/2000
Time: 2:30:41 PM
User: N/A
Computer: Computername
Description: Automatic enrollment against the certification authority
CertificateAuthorityName for a certificate of type
DomainController has failed. (0x80094001) The request subject name is invalid
or too long. Another certification authority will be tried.
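A triage sketch for the warning above, added here as an example and not taken from the Microsoft article: it parses a text export of such events, keeps Event ID 1010 entries with error 0x80094001, and checks each computer's DNS name against the 64-character common-name limit. The export (trimmed to the fields the parser reads), the host names, `ExampleCA`, and the function names are constructed for illustration.

```python
import re

CN_MAX = 64  # common-name limit cited in the article; DNS names may reach 255
# Constructed sample in the event format shown above; hosts and CA are made up.
SAMPLE_LOG = """\
Event Type: Warning
Event ID: 1010
Computer: DC01
Description: Automatic enrollment against the certification authority ExampleCA
for a certificate of type DomainController has failed. (0x80094001) The request subject name is invalid or too long.
Event Type: Warning
Event ID: 1010
Computer: FS02
Description: Automatic enrollment against the certification authority ExampleCA
for a certificate of type Machine has failed. (0x80094001) The request subject name is invalid or too long.
"""
SAMPLE_FQDNS = {  # constructed inventory: computer name -> DNS name
    "DC01": "dc01.branch-office-services.branch-office-services.emea.corp.example.com",
    "FS02": "fs02.corp.example.com",
}

FAILURE = re.compile(
    r"enrollment against the certification authority\s+(?P<ca>\S+)\s+"
    r"for a certificate of type\s+(?P<template>\S+)\s+has failed\.\s+"
    r"\((?P<code>0x[0-9A-Fa-f]{8})\)")

def parse_events(text):
    """Split a text export into one dict per enrollment-failure event."""
    events = []
    for chunk in re.split(r"(?m)^(?=Event Type:)", text):
        fields = dict(re.findall(r"(?m)^(Event ID|Computer):\s*(\S+)", chunk))
        match = FAILURE.search(chunk)
        if match and {"Event ID", "Computer"} <= fields.keys():
            events.append({**fields, **match.groupdict()})
    return events

def triage(text, fqdns):
    """Return (computer, template, dns_length, verdict) per 1010/0x80094001 event."""
    rows = []
    for ev in parse_events(text):
        if ev["Event ID"] == "1010" and ev["code"].lower() == "0x80094001":
            name = fqdns.get(ev["Computer"], "").rstrip(".")  # ignore trailing root dot
            verdict = ("dns-name-unknown" if not name else
                       "dns-name-exceeds-cn-limit" if len(name) > CN_MAX else
                       "name-fits-check-other-subject-fields")
            rows.append((ev["Computer"], ev["template"], len(name), verdict))
    return rows

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG, SAMPLE_FQDNS), sep="\n")
```

A host reported as `name-fits-check-other-subject-fields` received the same error without an over-long DNS name, so the DNS name length is not the cause of that failure.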
APPLIES TO
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Advanced Server, Limited Edition
- Microsoft Windows Small Business Server 2003 Premium Edition
- Microsoft Windows Small Business Server 2003 Standard Edition