Introduction
When constructing a Certificate Signing Request (CSR), it may be necessary to customize the data sent in the request fields. For example, the Common Name (CN) that is encoded into the CSR and displayed as the Subject in the certificate may need to use a customizable value instead of the AD CN attribute value.
This article describes how to configure vSEC:CMS so that the values set in the CSR can be customized.
The configuration steps vary depending on the Certificate Authority (CA) that you use. This article describes the configuration for a Microsoft CA.
For other supported CAs, please refer to the articles that describe how to configure those CA connections, which contain details on configuring the request fields.
Microsoft CA
The first step is to configure the certificate template on the MS CA to allow customizable values in the certificate request to be used as the subject.
In the certificate template on the CA, enable the Supply in the request radio button on the Subject Name tab.
You will need to publish the CA template from the MS CA console so that it will be available to vSEC:CMS (see next steps).
1. From the vSEC:CMS console, navigate to Options – Connections and click Certificate Authorities.
2. If a CA Server Template has already been configured, select it and click the Edit button; otherwise click the Add button to add a new template.
3. Click the Templates button and then Update.
4. Select the template, already configured on the MS CA, that is to be used. The Fields button will become available. Click the Fields button.
5. By default, the Common Name (CN) will be populated in the table. This is the common name that will be sent to the CA with the certificate request. To add more customizable fields, click the Fields button. Add the CSR fields that you want to customize from the Available pane to the Selected pane and click Ok.
CSR fields that are named Other Name should be used to customize the Subject Alternative Name (SAN). All other fields customize the subject field in the certificate. Additionally, RFC822 refers to the SAN email value as per the standard.
To customize the value of a field, click anywhere inside its Value field. This will open a dialog.
6. Enable the Use variable radio button and select the placeholder variable that is mapped to an attribute in your directory. See the article Using Variables for how to set up and map variables to attributes.
Alternatively, enable the Use free text radio button, which makes it possible to include an already configured placeholder variable and concatenate it with free text. For example, the Common Name (CN) could be constructed from the placeholder variable ${CommonName} with the free text “–SomeFreeText” appended to the end of the ${CommonName} value. This would be entered as: ${CommonName}–SomeFreeText in the text field.
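Because the template takes the subject from the request, the CA issues whatever values the field mapping above produced, so it is worth checking a test certificate after the configuration. The following PowerShell is an added example, not part of vSEC:CMS or the original article; the function name Test-IssuedCertFields and all sample values are hypothetical, and it assumes PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example. Test-IssuedCertFields and all sample values are hypothetical.
function Test-IssuedCertFields {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $ExpectedCN,
        [string] $ExpectedEmail
    )
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]
    $problems = @()

    # SimpleName resolves to the subject CN when the subject has one.
    $cn = $Certificate.GetNameInfo($nameType::SimpleName, $false)
    if ($cn -cne $ExpectedCN) { $problems += "CN is '$cn', expected '$ExpectedCN'" }

    # A literal ${...} left in the subject means a variable was not expanded.
    if ($Certificate.Subject -match '\$\{[^}]*\}') {
        $problems += "Subject contains an unexpanded placeholder: $($Certificate.Subject)"
    }

    # EmailName prefers the rfc822Name entry of the SAN extension.
    if ($ExpectedEmail) {
        $mail = $Certificate.GetNameInfo($nameType::EmailName, $false)
        if ($mail -ne $ExpectedEmail) {
            $problems += "RFC822 name is '$mail', expected '$ExpectedEmail'"
        }
    }
    [pscustomobject]@{
        Subject  = $Certificate.Subject
        Passed   = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample: a throwaway self-signed certificate standing in for one
# issued by the CA with CN "<CommonName value>-SomeFreeText" and an RFC822 SAN.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=jdoe-SomeFreeText', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$san = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new()
$san.AddEmailAddress('jdoe@example.com')
$req.CertificateExtensions.Add($san.Build())
$now = [System.DateTimeOffset]::UtcNow
$cert = $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays(1))

Test-IssuedCertFields -Certificate $cert -ExpectedCN 'jdoe-SomeFreeText' -ExpectedEmail 'jdoe@example.com'
```

To check a real certificate, pass an X509Certificate2 object for the issued test certificate in place of the constructed `$cert`.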