We help IT Professionals succeed at work.

Generating User Certificates with a sAMAccountName as the CN

Manny Fernandez
I am configuring 802.1x for a wireless deployment.  I am using Microsoft CA Services to do auto-enroll for user certificates.  The problem I am having is that the template I cloned (the user template), generates the CN as the "Display Name" (e.g. John Doe) what I would like for it to use is the sAMAccountName (e.g. jdoe).  The issue is that if I do `display name`, the user would need to type "John Doe" for the EAP while everything else would be `Jdoe`.  Does anyone know of a way to do this?  We are using FortiAuthenticator as the RADIUS server.  

Side note, I was able to get it working using the FortiAuthenticator as the CA but I cannot use GPO to auto-enroll the users so it makes it more complex.
Watch Question

Distinguished Expert 2019
Why you need to type Display name and where you are typing it?

If you are using EAP without MS Chap v2 (password based auth), then user should have certificate installed on his workstation under local users certificate personnel store with "Client Authentication' as EKU with default common name that comes with user certificate
Distinguished Expert 2019

Are your 802.1x depends on the user or the system?
Are these domain based machines or personal devices that a user brings in?