adding a new attribute to subject in digital certificates

  • Question

  • Hi everybody

    While studying PKI, I am now working on a scenario in which every subscriber has to pay for his/her digital certificate, and each time a subscriber pays for the certificate a unique number is generated for the payment by the bank. I want to use this number as a part of the subject distinguished name, but I do not know which attribute is the most appropriate one for this purpose. Could you please help me?


    • Edited by Mary_87 Saturday, August 3, 2019 10:51 AM
    Saturday, August 3, 2019 10:50 AM

All replies

  • Rather than changing or setting the subject name differently, why not simply use the Serial Number of the certificate? That is unique to every certificate issued by your Issuing CA. Although the very remote possibility exists that a duplicate SN could be propagated from a second or other Issuing CA in your PKI hierarchy, the Common Name or Issue Date, for example, would be sufficient to differentiate for your billing purposes. 

    Most certificate management systems like Venafi or KeyFactor, for example, provide the capability to assign an attribute that would apply a Cost Center that you could then assign to every group that certificates are issued to. It makes tracking your billing very easy.

    Hope that helps,


    Regards,

      Bill

    Bill Stites - PKI Consultant

    Bill Stites, PKI Consultant, started in PKI at Providence Health & Services
    in the Pacific Northwest in 2006. He has since consulted in the design and implementation of PKIs
    and certificate management systems in retail, government and insurance organizations.
     

    Monday, August 5, 2019 2:30 PM
  • Thank you for your answer! Actually, the usage of the mentioned attribute is different from the certificate serial number, and I need both of them. Could you please help me find some information about the attribute and method used, for example, in KeyFactor? Is there any article about this?
    Tuesday, August 6, 2019 4:19 AM
  • Hello,
    Thank you for posting in our TechNet forum.

    We can try the following steps:

    1. Create/duplicate a user certificate template and select "Supply in the request" on the Subject Name tab of this user certificate. Set the user certificate template permissions.



    2. Issue this user certificate template to the Certificate Template container on the CA.

    3. Log on to one client with a domain user account and request the corresponding certificate using the certmgr.msc console.

    4. Right-click the Certificate container under Personal and select All Tasks->Request New Certificate->Next->Next->select the corresponding user certificate template.



    5. Click Properties->Subject tab

    Subject Name
    Type: Common name  (Tip: I find we cannot select Full DN in such a case.)
    Value: payment:123 (Add)
    Value: daisy11 (Add)

    Then click the Apply button-->OK button.

     


    6. If we enroll this certificate successfully, we can see the subject of this certificate as below:






    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, August 6, 2019 9:53 AM
    Moderator
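
The request in steps 3 to 6 of the reply above can also be scripted with certreq.exe. This is an added example, not part of the original reply: the template name `UserSupplySubject` and the working directory are assumptions, and the two CN values are the ones shown in the post.

```powershell
# Added example (not from the thread): steps 3-6 scripted with certreq.exe.
$template = 'UserSupplySubject'   # hypothetical template name (assumption)
$payment  = 'payment:123'         # CN value from the post
$user     = 'daisy11'             # CN value from the post

# Refuse values that could change the DN structure or break the INF syntax.
foreach ($v in $payment, $user) {
    if ($v -notmatch '^[A-Za-z0-9:_.-]{1,64}$') {
        throw "Unexpected character in subject value: $v"
    }
}

# Request definition; the template must allow "Supply in the request".
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$user, CN=$payment"
KeyLength = 2048
Exportable = FALSE
MachineKeySet = FALSE
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = $template
"@

$dir = Join-Path $env:TEMP 'payment-cert'   # assumed working directory
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path "$dir\request.inf" -Value $inf -Encoding ASCII

certreq.exe -new    "$dir\request.inf" "$dir\request.req"   # key pair + PKCS#10
certreq.exe -submit "$dir\request.req" "$dir\issued.cer"    # send to the CA
if (-not (Test-Path "$dir\issued.cer")) {
    throw 'No certificate returned (request denied or pending approval).'
}
certreq.exe -accept -user "$dir\issued.cer"                 # bind to the user's key

# Step 6: confirm the issued subject carries both values.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "$dir\issued.cer"
$cert.Subject
if ($cert.Subject -notlike "*$payment*" -or $cert.Subject -notlike "*$user*") {
    throw 'Issued subject does not contain the expected values.'
}
```

Because the subject is supplied by the requester, the final check only confirms what was issued; the CA side still has to verify that the payment number really belongs to that subscriber before approving the request.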
  • Hi,
    Does this question have any update, or is this issue solved? Also, for the question, is there any other assistance we could provide?



    Best Regards,
    Daisy Zhou


    Thursday, August 8, 2019 9:37 AM
    Moderator
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.

    Thanks for your time and have a nice day!




    Best Regards,
    Daisy Zhou


    Monday, August 12, 2019 8:15 AM
    Moderator