SAN DirectoryName in FIM CM
Hi all.
Is there a way to add directoryName in the Subject Alternate Name, when using the FIM CM?
Tamir Lavi
April 16th, 2011 3:16pm
You can use the Subject Alternative Name module to build an SAN name based on directoryName for a specific certificate template.
In fact, because it is a SAN, you can choose to have the SAN included or not (depending on whether the fields referenced in the expression string are populated
Brian
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2011 7:12am
Hi Brain!
First - Thanks for your quick reply.
The Subject Alt. Name module offer only "Email", DNS, and
Other Name fields.
I see no way to enter the DirectoryName in the certificate.
I do hope that I'm missing something here.
Can you give me some more details how to build the DirectoryName into the SAN?
Tamir Lavi
April 17th, 2011 8:53am
You would use OtherName and then provide the OID for DirectoryName (I believe it is 2.16.840.1.101.2.2.4 after a quick search - please double check)
You would then create your expression string
Brian
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2011 9:46am
Hi,
That won't work.
I took the time to test it, before I answer, but the result is just as I expected:
In the SAN I get somthing like that:
OtherName:
2.16.840.1.101.2.2.4 = 43 66 43 45 98 54 55 45
1st - DirectoryName can't be nested in "OtherName" - It must be on it's own.
2nd - I get ASCII codes instead of the string (like CN=MyName)
I see no other way to make it work.
Can it be that CLM doesn't support for DirectoryName in the SAN?
BR,
TamirTamir Lavi
April 19th, 2011 3:53pm