locked
CUSTOM CERTIFICATE REQUEST RRS feed

  • Question

  • Hi,

    How do I request a custom certificate (Windows Server 2012) with subject containing the OID's 2.5.4.15 (businessCategory), 2.5.4.5 (serialNumber)?

    This is to obtain an EV certificate.

    Thanks

    Sunday, September 16, 2012 1:14 AM

All replies

  • Hi,

    Thanks for posting in Microsoft TechNet forums.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
     
    Thank you for your understanding and support.

    Regards

    Kevin
    Monday, September 17, 2012 8:39 AM
  • Hi,

    Thanks for posting in Microsoft TechNet forums.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
     
    Thank you for your understanding and support.

    Regards

    Kevin

    Thanks
    Tuesday, September 18, 2012 12:48 AM
  • Hi,

    Please refer to

    http://social.technet.microsoft.com/forums/en-us/winserversecurity/thread/A451BAF9-D7FC-43D3-8C59-704CC7AF1E0E.

    Certificate Properties Extended Validation Tab:http://technet.microsoft.com/en-us/library/dd759060.aspx



    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, September 18, 2012 8:03 AM
  • Hi,

    Please refer to

    http://social.technet.microsoft.com/forums/en-us/winserversecurity/thread/A451BAF9-D7FC-43D3-8C59-704CC7AF1E0E.

    Certificate Properties Extended Validation Tab:http://technet.microsoft.com/en-us/library/dd759060.aspx



    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    This does not answer my question.
    Tuesday, September 18, 2012 1:14 PM
  • Hi,

    i found following articles, please let me know if it suits you.

    http://www.michellesullivan.org/blog/366

    http://code.google.com/p/chromium/issues/detail?id=88612


    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, September 19, 2012 9:23 AM
  • Hi,

    i found following articles, please let me know if it suits you.

    http://www.michellesullivan.org/blog/366

    http://code.google.com/p/chromium/issues/detail?id=88612


    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    This also does not help.
    Wednesday, September 19, 2012 7:46 PM
  • I am surprised your issuer is requiring your to provide a certificate or a certificate request with these RDN values in the subject,  are you trying to issue a EV certificate yourself?

    More information would help me provide some recommendations.

    Though the resulting CSR wont include these two RDN values you may be interested in csrhelp.globalsign.com which provides an example command line to generate a CSR in Windows.

    My best guess without some testing is you would add those OIDs as follows in the subject field, probably like:

    echo [NewRequest] >csrparams.inf
    echo Subject="C=US,CN=foo.com,2.5.4.15=bar,2.5.4.5=foo">>csrparams.inf
    echo KeySpec=1 >>csrparams.inf
    echo KeyLength=2048 >>csrparams.inf
    echo Exportable=TRUE >>csrparams.inf
    echo MachineKeySet=TRUE >>csrparams.inf
    echo SMIME=False >>csrparams.inf
    echo PrivateKeyArchive=FALSE >>csrparams.inf
    echo UserProtected=FALSE >>csrparams.inf
    echo UseExistingKeySet=FALSE >>csrparams.inf
    echo ProviderName="Microsoft RSA SChannel Cryptographic Provider" >>csrparams.inf
    echo ProviderType=12 >>csrparams.inf
    echo RequestType=PKCS10 >>csrparams.inf
    echo KeyUsage=0xa0 >>csrparams.inf
    echo Silent=TRUE >>csrparams.inf
    echo [EnhancedKeyUsageExtension] >>csrparams.inf 
    echo OID=1.3.6.1.5.5.7.3.1 >>csrparams.inf
    certreq -new csrparams.inf foo.com.csr

    Ryan

    CTO 

    GMO GlobalSign


    Ryan M. Hurst

    Sunday, November 3, 2013 7:22 PM