Considerations for Certification Authority (CA) Names
Applies to
- Windows Server 2003,
- Windows Server 2008,
- Windows Server 2008 R2, and
- Windows Server 2012
Certification Authority Naming Rules
- The certification authority (CA) name should never be the same as the server's computer name (NetBIOS or DNS / hostname).
- If you use non-Latin characters (such as Cyrillic, Arabic, or Chinese characters), your CA name must contain fewer than 64 characters. If you use only non-Latin characters, your CA name can be no more than 37 characters in length.
- You can include dashes (-) in the CA name. As a matter of fact, the default name selected has dashes in it.
- In Windows Server 2012, spaces in the CA name may cause some issues with the following:
- LDAP paths (for a mitigation, see (for a mitigation, see Changes to Certification Authority 2012 CDP and AIA paths?)
- Certificate Enrollment Web Services name paths (for a mitigation, see Implementing Certificate Enrollment Web Services in Windows ServerĀ® 2012 that uses an Issuing CA with spaces in the name)
- These issues are expected to be resolved in a forthcoming software update.