Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, March 26, 2015 6:27 PM
Hi,
The objective here is to understand what Certificate templates are used to issue certificates.
We have a 2003 Sub Issuing CA which issues Certs to servers. Im thinking the best way to see what template was used to issue this Cert is to go the Details tab of the Cert, look at the Certificate Template Information Field and view the Value information, which says 'Template=1.3.6......'. I try to map this Value information back to the Source Cert Template in the Certificates Template MMC or the actual template by viewing the Certificates container on a DC using ADSIEDIT, however I don't see the info contained in the Value field anywhere.
Any suggestions on a good way to understand what templates are used by issued Certificates?
Thanks for your help! SdeDot
All replies (6)
Friday, March 27, 2015 3:43 AM ✅Answered
You are looking at the correct attribute. If you view the certificate in the GUI, it will populate the certificate template name when viewed by a domain member.
You can also view the OID properties in ADSIEDIT.msc to see the Common Name of the certificate template associated with the OID
Brian
Friday, March 27, 2015 2:19 PM ✅Answered
No, the certificate was issued using a template that someone deleted after the enrollment.
The only thing you can do is to look at the issued certificate at the Issuing CA.
Brian
Friday, March 27, 2015 8:55 PM ✅Answered
Look for the serial number
Brian
Friday, March 27, 2015 11:42 AM
Thanks for the response Brian.
What threw me for a loop is the particular Cert Im viewing in the GUI doesn't have a name of a template when I view the cert in the Cert Template Information field. What I see is the following:
Template =
1.3.6.1.4.1....8386
Major Version Number=100
Minor Version Number=3 So is it possible this Cert was issued without using a published template?
Thanks for your help! SdeDot
Friday, March 27, 2015 4:36 PM
Ahhh, ok! Given this is a system that has been around for 10+ years, that makes sense.
I've tried finding the cert on the Issuing CA, but haven't been successful with Filtering.
Thanks again for your help.
Thanks for your help! SdeDot
Friday, March 27, 2015 11:09 PM
Thanks....found it!
Thanks for your help! SdeDot