[Solved] Microsoft ADCS: Add SerialNumber as SubjectDN in Microsoft CA
Microsoft ADCS (Active Directory Certificate Services) is a handy in-house CA for issuing user and computer certificates. This post is not about installing or configuring Microsoft CA or ADCS; it is a configuration post on amending the templates so that SerialNumber can be added to the SubjectDN. If you need to install and configure the ADCS role, please follow the URL below:
Install Microsoft Active Directory Certification Services.
Solution: Add SerialNumber as SubjectDN
Only an administrator of the ADCS (Microsoft CA) server can make these changes. You must be a local admin on the ADCS server, because registry editing is required.
Follow the steps below to add SerialNumber to the SubjectDN of any ADCS template.
- Log in to the ADCS server
- Go to the Run menu and type “regedit”
- Navigate to the path “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\[Name of your CA]”
- Expand the CA registry key to see all the entries
- Open the “SubjectTemplate” entry (type REG_MULTI_SZ) and add “DeviceSerialNumber” to it
- Close the registry editor
- Restart the server
- Generate the SSL certificate again using any template, adding the serial number in the SubjectDN, and it will work.
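The registry edit from the steps above as a PowerShell script (an added example, not part of the original post): it saves the current value to a backup file and appends the attribute only if it is missing, so the change is repeatable and reversible. The `-CAName` parameter is a placeholder for your CA's key name, and the value name `SubjectTemplate` is assumed to be the entry the steps refer to.

```powershell
# Added example: idempotently add DeviceSerialNumber to the CA subject template.
# Save as a .ps1 file and run from an elevated PowerShell session on the ADCS server.
param(
    # Placeholder: the CA name as it appears under ...\CertSvc\Configuration
    [Parameter(Mandatory = $true)]
    [string]$CAName,

    # Attribute name taken from the steps in this post
    [string]$Attribute = 'DeviceSerialNumber'
)

$ErrorActionPreference = 'Stop'
$key       = "HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\$CAName"
$valueName = 'SubjectTemplate'   # assumed name of the REG_MULTI_SZ entry

if (-not (Test-Path -LiteralPath $key)) {
    throw "CA configuration key not found: $key"
}

# REG_MULTI_SZ comes back as a string array; @() keeps it an array even with one entry.
$current = @((Get-ItemProperty -LiteralPath $key -Name $valueName).$valueName)

# Keep a copy of the previous value so the change can be reviewed or reverted.
$backup = Join-Path $env:TEMP ("SubjectTemplate-{0:yyyyMMddHHmmss}.txt" -f (Get-Date))
$current | Set-Content -LiteralPath $backup
Write-Output "Previous value saved to $backup"

# -contains is case-insensitive, so an existing entry in any casing is detected.
if ($current -contains $Attribute) {
    Write-Output "$Attribute is already present; nothing to change."
    return
}

[string[]]$updated = $current + $Attribute
Set-ItemProperty -LiteralPath $key -Name $valueName -Value $updated -Type MultiString

# Read the value back to confirm what was actually written.
Write-Output "SubjectTemplate now contains:"
(Get-ItemProperty -LiteralPath $key -Name $valueName).$valueName

Write-Output "Restart the server (next step in the post) before requesting the certificate."
```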
The reference URL from Microsoft TechNet is given below: https://social.technet.microsoft.com/Forums/en-US/c6854cd5-420b-452d-a958-e2412411466a/request-certificate-with-custom-values?forum=winserversecurity
Subject = "[email protected],SERIALNUMBER=1234567,O=WindowsTechupdates,OU=IT,L=Lahore,S=Punjab,C=PK"
The resulting Subject Name in the certificate viewer then looks like:
SERIALNUMBER = 1234567
CN = [email protected]
OU = IT
O = WindowsTechUpdates
L = Lahore
S = Punjab
C = PK
I hope this will help someone accomplish this simple task and save a few hours. Please share your comments about this post. Keep visiting for more troubleshooting articles about day-to-day IT problems. Contact me at [email protected] if you would like to discuss anything related to Microsoft CA, SharePoint, Office365, Azure cloud, AWS EC2 and CloudHSM, Active Directory and many more items.