Client Certificate Principal Name Specifications?

Ohaya

Hi,

According to MS documents on Active Directory Mapping - User Principal
Name Mapping:

"User principal name mapping is a special case of one-to-one mapping. To
use user principal name mapping, you must use the Active Directory
directory service. With user principal name mapping, the user principal
name is used to find the user's account in Active Directory and log it
onto the network or host. The user principal name looks very much like
an e-mail name, and is unique within a Windows Server 2003, Standard
Edition; Windows Server 2003, Enterprise Edition; or Windows Server
2003, Datacenter Edition domain. Enterprise certification authorities
(CAs) place the user principal name of the certificate holder into each
certificate. Thus, for accessing a secure IIS server or logging on to
Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise
Edition; or Windows Server 2003, Datacenter Edition with a smart card,
the mapping of user names to accounts is automatic on these
certificates."


It turns out that in a project that I'm working on, the client
certificates will be created/issued using a non-MS Certificate Server.


I would like to know specifically in which standard field of the client
certificates the "User Principal Name" would go, and the specific format
for this name in order that it work properly with Active Directory
Mapping - UPN Mapping.


From viewing some client certificates that I've created using MS
Certificate Server, it looks like it is in the "Subject Alternative
Name" field of the certificate, under "Other Name" and with:

Principal Name=<WindowsLogonName>@<DomainName>


Is this correct?


Thanks in advance!
 
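An added example, not part of the original post and not Microsoft's code: what the UPN entry the post describes looks like on the wire, so that a non-Microsoft CA can be made to emit exactly it. The "Principal Name" shown by the Windows certificate viewer is a Subject Alternative Name otherName whose type-id is Microsoft's UPN OID 1.3.6.1.4.1.311.20.2.3 and whose value is an explicitly tagged UTF8String holding the UPN, which for mapping must equal the account's userPrincipalName attribute in AD. The code below hand-encodes that extension in DER with the standard library only (no `cryptography` or OpenSSL dependency), parses it back out of a SAN blob that may also contain other GeneralName entries, and returns the equivalent OpenSSL `subjectAltName` config line. The user `jdoe@corp.example.com` and the DNS name are constructed sample values.

```python
"""Encode and decode the SAN otherName entry used for AD UPN certificate mapping."""
from typing import List

# Microsoft's szOID_NT_PRINCIPAL_NAME: type-id of the UPN otherName in the SAN.
UPN_OID = "1.3.6.1.4.1.311.20.2.3"


def _der_len(n: int) -> bytes:
    """DER length: short form below 0x80, otherwise long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _encode_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER with base-128 arcs (tag 0x06)."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return _tlv(0x06, bytes(out))


def _decode_oid(body: bytes) -> str:
    arcs = [body[0] // 40, body[0] % 40]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position after this element)."""
    tag = buf[pos]
    ln = buf[pos + 1]
    pos += 2
    if ln & 0x80:
        n = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + ln], pos + ln


def encode_upn_san(upn: str) -> bytes:
    """DER SubjectAltName ::= SEQUENCE OF GeneralName, holding one UPN otherName.

    GeneralName otherName is [0] IMPLICIT (tag 0xA0); inside it the value is
    [0] EXPLICIT (again 0xA0) wrapping a UTF8String (tag 0x0C).
    """
    other_name = _encode_oid(UPN_OID) + _tlv(0xA0, _tlv(0x0C, upn.encode("utf-8")))
    return _tlv(0x30, _tlv(0xA0, other_name))


def extract_upns(san_der: bytes) -> List[str]:
    """Pull every UPN otherName out of a SAN extension value, skipping other entries."""
    tag, seq, _ = _read_tlv(san_der, 0)
    if tag != 0x30:
        raise ValueError("SAN must be a SEQUENCE")
    upns, pos = [], 0
    while pos < len(seq):
        gtag, gbody, pos = _read_tlv(seq, pos)
        if gtag != 0xA0:            # dNSName (0x82), rfc822Name (0x81), ... are not otherName
            continue
        otag, oid_body, p = _read_tlv(gbody, 0)
        if otag != 0x06 or _decode_oid(oid_body) != UPN_OID:
            continue                # an otherName of some other type
        vtag, vbody, _ = _read_tlv(gbody, p)
        utag, ubody, _ = _read_tlv(vbody, 0)
        if vtag == 0xA0 and utag == 0x0C:
            upns.append(ubody.decode("utf-8"))
    return upns


def openssl_san_line(upn: str) -> str:
    """The x509v3_config syntax OpenSSL uses to emit the same otherName."""
    return "subjectAltName=otherName:%s;UTF8:%s" % (UPN_OID, upn)


if __name__ == "__main__":
    der = encode_upn_san("jdoe@corp.example.com")
    print(der.hex())
    print(extract_upns(der))
    print(openssl_san_line("jdoe@corp.example.com"))
```

The OpenSSL line above (OpenSSL 1.1.1 or later also accepts it via `-addext`) is the practical answer for a third-party CA: the value after `UTF8:` is the UPN exactly as stored on the account. Separately from the certificate format, the quoted Microsoft text covers smart card logon, and for that Windows also requires the issuing CA to be published to the NTAuth store; a correctly formatted UPN alone will not get a certificate from an unknown CA mapped.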