DJM2009
asked on
Creating custom certificate templates in 2K3 Issuing CA
Hi Everyone,
I am currently trying to find out whether it is possible to create a truely custom certificate template using windows 2003 32bit certificate services and not just duplicate an existing template. The reason being that the options with which we can build the SubjectName field with our current certificate template duplicates is not necessarily what we want.We have attempted CommonName , but due to some specific changes we had to make to our AD , the way the CN is automatically built is not want want in our certificate SubjectName field.
I was wondering whether you ONLY have the option of duplicating and modding the existing templates available on a windows 2003 certificate authority or whether you can literally create a custom one and import or push it into the template storage on a domain joined Issuing CA.
I am currently trying to find out whether it is possible to create a truely custom certificate template using windows 2003 32bit certificate services and not just duplicate an existing template. The reason being that the options with which we can build the SubjectName field with our current certificate template duplicates is not necessarily what we want.We have attempted CommonName , but due to some specific changes we had to make to our AD , the way the CN is automatically built is not want want in our certificate SubjectName field.
I was wondering whether you ONLY have the option of duplicating and modding the existing templates available on a windows 2003 certificate authority or whether you can literally create a custom one and import or push it into the template storage on a domain joined Issuing CA.
ASKER
As an example if the SubjectName to be populated by the CN,and lets say it comes out as "Full name - departmentname,buildingnum ber" but your web app or any app in general cannot deal with the fact you have a funky subjectname with spaces,hyphons or the fact that your Full name does not populate the subjectname field on its own. Could I then create a self customised certificate template that includes a subjectname that is populated by a custom attribute, "full name only" for instance.
IN other words a subjectname field not populated by the default options that MS 2003 certificate services comes with in its templates.
Does that demonstrate any better ?
IN other words a subjectname field not populated by the default options that MS 2003 certificate services comes with in its templates.
Does that demonstrate any better ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What are the alterations that you want to make and what is the purpose for the change?
I.e. I want my certificate to include a picture. A story, etc. Even if those were possible, they are useless for the establishing the secure connection or to have the application run without a warning that the application is unsigned.
Are you also creating an application that would access the data in the certificate you want to add?
i.e. your application will access your web site with your certificate and the application on the web server will access the personal certificate your web client provides and will display your picture as the visitor to the site?