I've requested a certificate (for SSL on IIS 7) with several subjectAltNames. I'd read that some people might not like to do this because of the public being able to see links between different sites. (This doesn't matter as the certificate is for internal use). But this suggests that I should be able to see the subjectAltNames when I view the certificate. I can't.

Should I be able to see them, and if so, where?

+1  A: 

Yes -- but it depends on the certificate viewer that you are using.

Subject Alt Name is an extension to the certificate. It is still signed as part of the certificate signature, but it may not be viewable through all the things that see certificates. Where it specifically shows up is somewhat a factor of how you are looking at it. It is in the certificate extensions. Usually it's qualified as "Subject Alternative Name" or "SubjectAltName".

I just tested IE 7.0 on XP and it can show the Subject Alt Name. It shows up as one of the detail items.

Also, this site will:

http://www.redkestrel.co.uk/cgi/decodeCert.pl

As I've gotten Subject Alt Names out of it before. They show up in the extension section.

If it's not showing up there, the certificate may have been made without it, which means you will need to go back to the owner of the Certificate Authority and get the name recreated.

Another caveat - not all products will handle subject alt name. You'll need to test each one separately. I've heard of a number of cases of products not recognizing it or parsing it, and then throwing errors because the SubjectDN does not map to the subject alt name.

bethlakshmi
Thanks for the reply. In this case, the certificate hadn't been created properly. With a bit of tweaking, we got it working and I can see Subject Alternative Name in the MMC certificate viewer and in the output from the OpenSSL command: openssl x509 -text -noout -in $CERT_FILE
serialhobbyist
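
The checks discussed in this thread, as an added example that is not part of the original posts: it lists the Subject Alternative Name entries from the `openssl x509 -text` output, reports a certificate issued without the extension, and flags a subject CN that is missing from the SAN list. The function names, the example.test hostnames and the throwaway self-signed certificates are constructed for illustration; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: inspect the Subject Alternative Name (SAN) extension of a PEM certificate.
set -eu

# Print one SAN entry per line (e.g. "DNS:www.example.test"); prints nothing if there is no SAN.
san_entries() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/X509v3 Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed 's/^[[:space:]]*//'
}

# Returns 0 if the subject CN is listed as a DNS SAN, 1 if SANs exist but omit the CN,
# 2 if the certificate carries no SAN extension at all.
check_san() {
    sans=$(san_entries "$1")
    if [ -z "$sans" ]; then echo "$1: no Subject Alternative Name extension"; return 2; fi
    cn=$(openssl x509 -in "$1" -noout -subject | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p')
    echo "$1: CN=$cn"
    echo "$sans" | sed 's/^/  SAN /'
    if echo "$sans" | grep -qxF "DNS:$cn"; then return 0; fi
    echo "  CN is not among the SAN DNS entries"
    return 1
}

# Constructed sample input: make_cert OUT_PEM CN [SAN_VALUE] writes a one-day self-signed cert.
make_cert() {
    cnf=$(mktemp)
    printf '[req]\ndistinguished_name=dn\nprompt=no\n' > "$cnf"
    if [ -n "${3:-}" ]; then
        printf 'x509_extensions=ext\n[ext]\nsubjectAltName=%s\n' "$3" >> "$cnf"
    fi
    printf '[dn]\nCN=%s\n' "$2" >> "$cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cnf" \
        -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$cnf"
}

dir=$(mktemp -d)
make_cert "$dir/good.pem" www.example.test "DNS:www.example.test,DNS:intranet.example.test"
make_cert "$dir/nosan.pem" www.example.test
check_san "$dir/good.pem"
check_san "$dir/nosan.pem" || echo "  -> has to be reissued with the SANs included"
rm -rf "$dir"
```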