K
Kris
I have the following problem:
I use win2003 Server Standard ed. with MS Certificate services.
Using certreq.exe I can successfully generate a certificate request
that looks like this:
-*Subject*:
E=email@email.com
CN=Some CN
OU=Org Unit
T=Mega Title
SN=123456
O=Org.
C=BE-
But when I have this certificate signed by a WIN2003 Server St Ed.
Certificate Server sub CA. The resulting certificate does not have the
"SN=123456" field anymore included in the certificate. For some reason
the CA has deleted this field from the subject. No errors occured
during the Issuing in the CA mmc tool.
Any idea's why? Does MS only allow certain subject fields. Any
debugging possibilities?
I am also looking into how I could add an not so useal field to this
subject in the request and have it signed. ex:
-*Subject*:
E=email@email.com
CN=Some CN
OU=Org Unit
T=Mega Title
OID.2.5.4.5=123456
O=Org.
C=BE-
CERTUTIL -V -DUMP ...
-*Details*:
[4,0]:
CERT_RDN_PRINTABLE_STRING, Length = 10 (10/1024 Characters)
2.5.4.5 Serial Number="123456"
50 4e 3a 20 33 30 30 30 30 39 123456
50 00 4e 00 3a 00 20 00 33 00
30 00 30 00 30 00 30 00 39 00
1.2.3.4.5.6.-
Anybody any idea how I need to use certreq.exe and the policy.inf file
to get to such a solution? Or if this is possible at all?
Thanks
Kris
--
Kris
------------------------------------------------------------------------
Kris's Profile: http://forums.techarena.in/member.php?userid=30895
View this thread: http://forums.techarena.in/showthread.php?t=823023
http://forums.techarena.in
I use win2003 Server Standard ed. with MS Certificate services.
Using certreq.exe I can successfully generate a certificate request
that looks like this:
-*Subject*:
E=email@email.com
CN=Some CN
OU=Org Unit
T=Mega Title
SN=123456
O=Org.
C=BE-
But when I have this certificate signed by a WIN2003 Server St Ed.
Certificate Server sub CA. The resulting certificate does not have the
"SN=123456" field anymore included in the certificate. For some reason
the CA has deleted this field from the subject. No errors occured
during the Issuing in the CA mmc tool.
Any idea's why? Does MS only allow certain subject fields. Any
debugging possibilities?
I am also looking into how I could add an not so useal field to this
subject in the request and have it signed. ex:
-*Subject*:
E=email@email.com
CN=Some CN
OU=Org Unit
T=Mega Title
OID.2.5.4.5=123456
O=Org.
C=BE-
CERTUTIL -V -DUMP ...
-*Details*:
[4,0]:
CERT_RDN_PRINTABLE_STRING, Length = 10 (10/1024 Characters)
2.5.4.5 Serial Number="123456"
50 4e 3a 20 33 30 30 30 30 39 123456
50 00 4e 00 3a 00 20 00 33 00
30 00 30 00 30 00 30 00 39 00
1.2.3.4.5.6.-
Anybody any idea how I need to use certreq.exe and the policy.inf file
to get to such a solution? Or if this is possible at all?
Thanks
Kris
--
Kris
------------------------------------------------------------------------
Kris's Profile: http://forums.techarena.in/member.php?userid=30895
View this thread: http://forums.techarena.in/showthread.php?t=823023
http://forums.techarena.in