Re: Certificate Subject DN...

From: David Cross [MS] (dcross@online.microsoft.com)
Date: 11/29/02


From: "David Cross [MS]" <dcross@online.microsoft.com>
Date: Thu, 28 Nov 2002 21:05:24 -0800

Well, with the AD, you should use the UPN value in the subjaltname extension
to find the user. The DN can change for the user as the account is moved
between OUs.

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"William Adams" <w.adams@nexor.co.uk> wrote in message
news:#f$g$9vlCHA.1912@tkmsftngp04...
> Why would you say this is an odd requirement? Isn't it reasonable to be able
> to get to a certificate (via LDAP or ADSI) from the subject of a
> certificate?
>
> "David Cross [MS]" <dcross@online.microsoft.com> wrote in message
> news:#p9Q9wvlCHA.1824@tkmsftngp04...
> > Unfortunately this is a limitation of the Windows 2000 CA, it does not
> > include the full DN.  The Windows .NET CA has removed this limitation.
> >
> > Note if you are using checkpoint, the latest version of their software no
> > longer requires this odd requirement.
> >
> > --
> >
> >
> > David B. Cross [MS]
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> > http://support.microsoft.com
> >
> > "William Adams" <w.adams@nexor.co.uk> wrote in message
> > news:#Ghg6BvlCHA.2224@tkmsftngp02...
> > > Hi,
> > >
> > > I have set up an Enterprise CA, I can happily issue certificates to people.
> > > However I have a problem, I have a security program that relies on the
> > > subject DN in the certificate to be the actual DN of the user in the Active
> > > Directory. By default with a 'user' certificate template it is the email
> > > address of the form CN=Bob Bloggs,emailAddress=Bob@bloggs.com. If you use
> > > the 'Exchange user' template then it specifies a DN but this DN is made up
> > > from what the user specifies on the form. Both of these methods mean the
> > > subject DN in the certificate bears no relation to the active directory.
> > >
> > > Any ideas on how to make the subject DN reflect the location of the user in
> > > the directory?
> > >
> > >     -Will
> > >
> > >
> >
> >
>
>
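
The lookup suggested in the reply above, as an added example that is not part of the original thread: it reads the UPN otherName (OID 1.3.6.1.4.1.311.20.2.3) from a subjectAltName extension value and builds an escaped LDAP filter on userPrincipalName, so the match survives the account moving between OUs. The SAN bytes are constructed sample data and the function names are this example's own; it assumes the extension value comes from a certificate whose chain has already been validated.

```python
# Added example: map a certificate to an AD account by UPN, not subject DN.
# Minimal DER reader, enough for a subjectAltName extension value only.
UPN_OID = bytes.fromhex("2b060104018237140203")  # 1.3.6.1.4.1.311.20.2.3

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def upn_from_san(san_der):
    """Return the UPN otherName from a SAN extension value, or None."""
    tag, names, _ = read_tlv(san_der, 0)
    if tag != 0x30:                        # GeneralNames ::= SEQUENCE
        raise ValueError("not a GeneralNames SEQUENCE")
    pos = 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag != 0xA0:                    # only [0] otherName; skip rfc822Name etc.
            continue
        t1, oid, nxt = read_tlv(body, 0)
        if t1 != 0x06 or oid != UPN_OID:
            continue
        t2, wrapped, _ = read_tlv(body, nxt)   # [0] EXPLICIT value
        t3, text, _ = read_tlv(wrapped, 0)
        if t2 == 0xA0 and t3 == 0x0C:      # UTF8String
            return text.decode("utf-8")
    return None

def ldap_filter_for_upn(upn):
    """Build an RFC 4515 filter; escape so certificate content cannot alter it."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    escaped = "".join(special.get(ch, ch) for ch in upn)
    return "(&(objectClass=user)(userPrincipalName=%s))" % escaped

def _tlv(tag, value):                      # helper used only to build the sample
    return bytes([tag, len(value)]) + value

# Constructed sample: a SAN holding an rfc822Name and a UPN otherName.
_upn = _tlv(0xA0, _tlv(0x06, UPN_OID) + _tlv(0xA0, _tlv(0x0C, b"bob@bloggs.com")))
SAMPLE_SAN = _tlv(0x30, _tlv(0x81, b"Bob@bloggs.com") + _upn)

if __name__ == "__main__":
    print(ldap_filter_for_upn(upn_from_san(SAMPLE_SAN)))
```

A certificate with no UPN otherName yields `None`, which a caller should treat as "no mapping" rather than falling back to the subject DN.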

