DJM2009


Creating custom certificate templates in 2K3 Issuing CA

Hi Everyone,

I am currently trying to find out whether it is possible to create a truly custom certificate template using Windows 2003 32-bit certificate services and not just duplicate an existing template. The reason being that the options with which we can build the SubjectName field with our current certificate template duplicates are not necessarily what we want. We have attempted CommonName, but due to some specific changes we had to make to our AD, the way the CN is automatically built is not what we want in our certificate SubjectName field.

I was wondering whether you ONLY have the option of duplicating and modding the existing templates available on a Windows 2003 certificate authority or whether you can literally create a custom one and import or push it into the template storage on a domain-joined Issuing CA.
arnold

Certificates have a specific format to be universally recognized.  If you were to customize them outside the options, the certificate will be useless.

What are the alterations that you want to make and what is the purpose for the change?
I.e. I want my certificate to include a picture, a story, etc. Even if those were possible, they are useless for establishing the secure connection or to have the application run without a warning that the application is unsigned.
Are you also creating an application that would access the data in the certificate you want to add?
I.e. your application will access your web site with your certificate and the application on the web server will access the personal certificate your web client provides and will display your picture as the visitor to the site?
DJM2009

ASKER

As an example, if the SubjectName is to be populated by the CN, and let's say it comes out as "Full name - departmentname,buildingnumber" but your web app or any app in general cannot deal with the fact you have a funky subjectname with spaces, hyphens or the fact that your Full name does not populate the subjectname field on its own. Could I then create a self-customised certificate template that includes a subjectname that is populated by a custom attribute, "full name only" for instance?
In other words, a subjectname field not populated by the default options that MS 2003 certificate services comes with in its templates.

Does that demonstrate any better?
SOLUTION
arnold
ASKER CERTIFIED SOLUTION