Re: Certificate Subject DN...

From: William Adams (w.adams@nexor.co.uk)
Date: 11/28/02 

From: "William Adams" <w.adams@nexor.co.uk>
Date: Thu, 28 Nov 2002 17:01:00 -0000

Why would you say this is an odd requirement? Isn't it reasonable to be able
to get to a certificate (via LDAP or ADSI) from the subject of a
certificate.

"David Cross [MS]" <dcross@online.microsoft.com> wrote in message
news:#p9Q9wvlCHA.1824@tkmsftngp04...
> Unfortunately this is a limitation of the Windows 2000 CA, it does not
> include the full DN. The Windows .NET CA has removed this limitation.
>
> Note if you are using checkpoint, the latest version of their software no
> longer requires this odd requirement.
>
> --
>
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> http://support.microsoft.com
>
> "William Adams" <w.adams@nexor.co.uk> wrote in message
> news:#Ghg6BvlCHA.2224@tkmsftngp02...
> > Hi,
> >
> > I have set up an Enterprise CA, I can happily issue certificates to
> people.
> > However I have a problem, I have a security program that relies on the
> > subject DN in the certificate to be the actual DN of the user in the
> Active
> > Directory. By default with a 'user' certificate template it is the email
> > address of the form CN=Bob Bloggs,emailAddress=Bob@bloggs.com. If you
use
> > the 'Exchange user' template then it specifies a DN but this DN is made
up
> > from what the user specifies on the form. Both of these methods mean the
> > subject DN in the certificate bears no relation to the active directory.
> >
> > Any ideas on how to make the subject DN reflect the location of the user
> in
> > the directory?
> >
> > -Will
> >
> >
>
>

Relevant Pages

  • Re: Certificate Subject DN...
    ... > to get to a certificate from the subject of a ... The Windows .NET CA has removed this limitation. ... >> longer requires this odd requirement. ...
    (microsoft.public.win2000.security)
  • Certificate Subject DN...
    ... subject DN in the certificate to be the actual DN of the user in the Active ... By default with a 'user' certificate template it is the email ... from what the user specifies on the form. ... subject DN in the certificate bears no relation to the active directory. ...
    (microsoft.public.win2000.security)
  • Re: Windows 2003 - Child domain cannot request certificate from root domain
    ... It sounds like you have replication problems ... permissions on the certificate template you want to use. ...
    (microsoft.public.windows.server.security)
  • Certsrv and Autoenrollment problem
    ... The "Windows default" Policy Module logged the following warning: ... V1 Certificate Template could not be loaded. ... see Help and Support Center at ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS2003Premium Certification Authority from HELL!!!
    ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... It occur's when I request a certificate from the client and from the ... If you are using Enterprise CA, go to the Certificate Template in the ...
    (microsoft.public.windows.server.sbs)