How to add custom field into PKI request

Question: How to add custom field into PKI request

  • Wednesday, 27 February 2013 15:23
     
     

    Hello,

    I have a question concerning our PKI infrastructure.

    Can I add a custom field to our stand-alone CA?

    I mean, if somebody enters the web site http://OURCa/certsrv/ ---> "Web Browser Certificate" or "Advanced certificate request", is there any way to add a new field, for example "Application Usage", where the user can enter some text?

    Example beneath:

    To complete your certificate, type the requested information in the following boxes.

    Name:
    E-Mail:
    Company:
    Department:
    City:
    State:
    Country/Region:
    Application Usage: SOME TEXT

    I'll be very thankful for any help.


    Mac

All replies

  • Wednesday, 27 February 2013 18:18
     
     

    Hi,

    you should have a look into the C:\Windows\System32\certsrv\certdat.inc

            ' default values for the certificate request
            sDefaultCompany="Frontoso"
            sDefaultOrgUnit="IT"
            sDefaultLocality="Gilbert"
            sDefaultState="Arizona"
            sDefaultCountry="US"

    For the application usage you have to change the C:\Windows\System32\certsrv\en-US\certrqma.asp file

    Look into the BuildDistinguishedName function

    Regards,

    Lutz

    P.S. The Application Usage will show up in the subject name of the certificate not as an extra attribute.
    • Edited by LutzMH Wednesday, 27 February 2013 18:21 P.S. added
  • Thursday, 28 February 2013 14:23
     
     

    Hello,

    First, thanks for the reply.

    I looked into C:\Windows\System32\certsrv\certdat.inc and I've changed some defaults, and these changes are working perfectly, but I have a question concerning the certrqma.asp file.

    Do I have to add another new line to this function, based on fields like Country, State, Locality etc.?

    I've attached this function below.

    function BuildDistinguishedName() {
      // Builds the subject name as NAME="value"; pairs; embedded quotes are doubled.
      var sDistinguishedName="";
      if (""!=document.UIForm.tbCountry.value) {
        sDistinguishedName+="C=\""+document.UIForm.tbCountry.value.replace(/"/g, "\"\"")+"\";";
      }
      if (""!=document.UIForm.tbState.value) {
        sDistinguishedName+="S=\""+document.UIForm.tbState.value.replace(/"/g, "\"\"")+"\";";
      }
      if (""!=document.UIForm.tbLocality.value) {
        sDistinguishedName+="L=\""+document.UIForm.tbLocality.value.replace(/"/g, "\"\"")+"\";";
      }
      if (""!=document.UIForm.tbOrg.value) {
        sDistinguishedName+="O=\""+document.UIForm.tbOrg.value.replace(/"/g, "\"\"")+"\";";
      }
      if (""!=document.UIForm.tbOrgUnit.value) {
        sDistinguishedName+="OU=\""+document.UIForm.tbOrgUnit.value.replace(/"/g, "\"\"")+"\";";
      }
      if (""!=document.UIForm.tbCommonName.value) {
        sDistinguishedName+="CN=\""+document.UIForm.tbCommonName.value.replace(/"/g, "\"\"")+"\";";
      }
      if (""!=document.UIForm.tbEmail.value) {
        sDistinguishedName+="E=\""+document.UIForm.tbEmail.value.replace(/"/g, "\"\"")+"\";";
      }
      return sDistinguishedName;
    }


    Mac

    Maybe I've misunderstood something, but I want to achieve a new request with a new field like the one below, where the user has to fill in a new field called "Application Usage" or "Manager". This field will be developed for every user who will be demanding a new certificate from Advanced Certificate Request.

    We want to achieve some kind of certificate monitoring: when somebody fills in a request with this new field and after, for example, 1 year the certificate expires, we want to monitor the expiration date (it's easy, we don't have any problem with it) and 1 month earlier we want to inform the user who requested the certificate that his certificate is expiring.

    • Edited by MacKrk Thursday, 28 February 2013 15:01 PS
  • Thursday, 28 February 2013 15:24
     
     

    Hi Mac,

    you are right, what I told you would add static information to the certificate but not a field on the website where a user can add his own values. My mistake. I can check that later today, but the certrqma.apsx would be the file where you need to look in to add a new field.

    You can add this below line 158

    <TR>
    <TD ID=locAppUsageAlign Align=Right><Span ID=spnAppUsageLabel><Label For=locTbAppUsage><LocID ID=locAppUsageLabel><Font Size=-1>AppUsage:</Font></LocID></Label></Span></TD>
    <TD><Input ID=locTbAppUsage Type=Text MaxLength=25 Size=2 Name=tbAppUsage Value="<%=sDefaultAppUsage%>"></TD> 
    </TR>

    and then update the distinguishedname function as you described above.

    Regards,

    Lutz

  • Friday, 1 March 2013 12:05
     
     

    Hi again,

    As you suggested, I added the new field below line 158.

    I also noticed that in this file, certrqma.asp, there are several lines which contain fields from the request, so I added new lines concerning AppUsage in lines:

    1250 - markLabelNormal(spnAppUsageLabel);

    1267 - // document.UIForm.tbAppUsage.value OK

    1384 - if (""!=document.UIForm.tbAppUsage.value) {

               sDistinguishedname+="E=\""+document.UIForm.tbAppUsage.value.replace(/"/g, "\"\"")    +"\";";

    After these modifications the new field AppUsage appeared in the certificate request, but unfortunately when I filled in all fields and clicked Submit, nothing happened.

    The certificate request was cleaned and I can't find this request in pending, failed requests.

    If you have an opportunity to check this on your test environment, please let me know.

    Regards

    Mac


    Mac

  • Friday, 1 March 2013 17:51
     
     

    Here you go. AppUsage will show up as another OU value in the subject field.

    http://dl.dropbox.com/u/21564625/certrqma.txt
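
The result described in the reply above, AppUsage emitted as a second OU component, can be reproduced outside the browser. The following is an added example, not code from the thread or from the shipped certrqma.asp: it mirrors the posted BuildDistinguishedName logic, and `FIELDS`, `quoteValue`, `parseDistinguishedName` and the sample form object are assumptions made for illustration.

```javascript
// Added example: stand-alone version of the DN-building logic posted in the thread.
// `form` is a constructed stand-in for document.UIForm (plain object of {value}).
const FIELDS = [            // order and prefixes as in the posted function
  ["C", "tbCountry"], ["S", "tbState"], ["L", "tbLocality"],
  ["O", "tbOrg"], ["OU", "tbOrgUnit"],
  ["OU", "tbAppUsage"],     // new field, emitted as a second OU value
  ["CN", "tbCommonName"], ["E", "tbEmail"],
];

// Double embedded quotes, as the posted .replace(/"/g, "\"\"") does.
function quoteValue(v) {
  return '"' + v.replace(/"/g, '""') + '"';
}

function buildDistinguishedName(form) {
  let dn = "";
  for (const [prefix, name] of FIELDS) {
    const field = form[name];
    if (field && field.value !== "") {      // empty or missing fields are skipped
      dn += prefix + "=" + quoteValue(field.value) + ";";
    }
  }
  return dn;
}

// Split the string back into [prefix, value] pairs (hypothetical helper, used
// only to check the quoting): a doubled quote in a value is one literal quote.
function parseDistinguishedName(dn) {
  const parts = [];
  const re = /([A-Z]+)="((?:[^"]|"")*)";/g;
  let m;
  while ((m = re.exec(dn)) !== null) {
    parts.push([m[1], m[2].replace(/""/g, '"')]);
  }
  return parts;
}

// Constructed sample input; the AppUsage value contains quotes and ';'.
const sampleForm = {
  tbCountry: { value: "US" }, tbOrg: { value: "Frontoso" },
  tbOrgUnit: { value: "IT" }, tbAppUsage: { value: 'web";CN="other' },
  tbCommonName: { value: "Mac" }, tbEmail: { value: "" },
};
const sampleDn = buildDistinguishedName(sampleForm);
console.log(sampleDn);
console.log(parseDistinguishedName(sampleDn));
```

The posted function declares its accumulator as `sDistinguishedName`; JavaScript identifiers are case-sensitive, so any appended line has to use that exact spelling. Because this quoting runs in the browser, the subject of each pending request should still be reviewed on the CA before it is issued.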

  • Monday, 4 March 2013 07:23
     
     

    Yes, the new field appeared (link below) in the WebServer Template, but there is another problem (and I hope the last one).

    https://www.dropbox.com/s/w1hphg9ytlzdn39/pkiAppUsage.JPG?m

    When I fill in all fields in the request, nothing happens when I click the "submit" button; the request doesn't go to status "pending" or even "failed".

    I've tried to search for a solution but without any success.


    Mac

  • Friday, 15 March 2013 14:17
     
     
    Any ideas? :)

    Mac