Managing MS AD certificate templates
Edit a certificate template mapping
-
Navigate to
. -
Select the template mapping you want to edit, and click Edit.
-
Complete the Edit MS AD Certificate Template Mapping fields based on the information provided in the following table.
Column Description MS AD Template
MS Agent
The MS agent through which certificate requests are brought from MS AD to SCM.
MS AD Template
The MS AD certificate template configured on the AD server.
Certificate
Certificate Type
The type of certificate that is requested using this template.
For SSL certificates the value must be SSL Certificate.
Term
The validity period configured for the selected Sectigo certificate profile in SCM.
Certificate Profile
The Sectigo certificate profile configured to be issued when a certificate request is brought into SCM by the selected MS agent.
Attributes Mapping
The mapping of attributes brought from MS AD to the associated values in SCM certificate profiles.
Attribute mapping is not available for SSL certificates.
Term
The validity period of the certificate, as defined in the selected template.
Key Usage
Key usage defined in the selected MS AD certificate template.
Extended Key Usage
Extended key usage defined in the selected MS AD certificate template.
-
Click Save.
-
Navigate to
. -
Select the template mapping you want to edit, and click Edit.
-
Complete the Edit MS AD Certificate Template Mapping fields based on the information provided in the following table.
Column Description MS AD Template
MS Agent
The MS agent through which certificate requests are brought from MS AD to SCM.
MS AD Template
The MS AD certificate template configured on the AD server.
Certificate
Certificate Type
The type of certificate that is requested using this template.
For Client certificates the value must be Client Certificate.
Term
The validity period configured for the selected Sectigo certificate profile in SCM.
Certificate Profile
The Sectigo certificate profile configured to be issued when a certificate request is brought into SCM by the selected MS agent.
Attributes Mapping
The mapping of attributes brought from MS AD to the associated values in SCM certificate profiles.
This mapping can override settings specified in the MS AD Certificate Template.
Term
The validity period of the certificate, as defined in the selected template.
Key Usage
Key usage defined in the selected MS AD certificate template.
Extended Key Usage
Extended key usage defined in the selected MS AD certificate template.
-
(Optional) customize the attributes mapping.
-
Click Customize Attributes.
-
Complete the Attributes Mapping fields based on the information provided in the following table.
Field Description Attribute
Indicates the terms used by SCM.
The default attributes are:
-
Common Name — The domain to which the certificate is to be issued.
An email can also be included in the CN field. The maximum allowed character length for this field is 64.
-
DNS — DNS hostname.
-
Department Name — The name of the department in which the end-user works.
-
Email — The email address of the end-user.
If this attribute is mapped and Send to CA is selected, the end-user’s email address is included in the certificate’s Subject and SAN fields.
-
First Name — The end-user’s first name.
-
Last Name — The end-user’s surname.
-
Organization Name — The name of the company for which the end-user works.
-
SPN — The unique identifier of the service instance.
-
Secondary Email — Additional email address for the end-user.
-
UPN — The email address that should appear as principal name in the certificate to be issued.
Client certificates issued to end-users of organizations or departments with principal name support enabled (the option is off by default) include a Principal Name, in addition to the RFC 822 name, in the SAN field.
Value
Indicates the equivalent terms used in MS AD or a static value unrelated to MS AD.
When you start typing a value, a list of suggested AD attributes is populated. If a static value is used, it must be enclosed in quotation marks.
Send to CA
Enables attributes to be included (selected) or excluded from (not selected) the transition of the incoming request to the CA.
If a check box is disabled (grayed out), it means that the attribute is mandatory for the CA and must be included in the request. In case of device certificates, all customized attributes are sent to CA.
Add
Adds an SCM attribute to be mapped.
Duplicate attributes are not permitted.
Reset To Default
Resets all attributes and values to the default customized mapping.
Remove
Prevents the attribute from being populated in the Person profile and from being included in the certificate request sent to Sectigo.
Some attributes represent a mandatory detail of the connected Person profile and cannot be deleted.
-
-
Click Save.
-
-
Click Save.
-
Navigate to
. -
Select the template mapping you want to edit, and click Edit.
-
Complete the Edit MS AD Certificate Template Mapping fields based on the information provided in the following table.
Column Description MS AD Template
MS Agent
The MS agent through which certificate requests are brought from MS AD to SCM.
MS AD Template
The MS AD certificate template configured on the AD server.
Certificate
Certificate Type
The type of certificate that is requested using this template.
For Device certificates the value must be Device Certificate.
Term
The validity period configured for the selected Sectigo certificate profile in SCM.
Certificate Profile
The Sectigo certificate profile configured to be issued when a certificate request is brought into SCM by the selected MS agent.
Attributes Mapping
The mapping of attributes brought from MS AD to the associated values in SCM certificate profiles.
This mapping can override settings specified in the MS AD Certificate Template.
Term
The validity period of the certificate, as defined in the selected template.
Key Usage
Key usage defined in the selected MS AD certificate template.
Extended Key Usage
Extended key usage defined in the selected MS AD certificate template.
-
(Optional) customize the attributes mapping.
-
Click Customize Attributes.
-
Complete the Attributes Mapping fields based on the information provided in the following table.
Field Description Attribute
Indicates the terms used by SCM.
The default attributes are:
-
DNS Name — DNS hostname.
-
Email address — The email address of the end-user.
-
RFC 822 name — The email address of the end-user included in the certificate’s SAN.
-
Service principal name — The unique identifier of the service instance.
-
User principal name — The email address that should appear as principal name in the certificate to be issued.
Value
Indicates the equivalent terms used in MS AD or a static value unrelated to MS AD.
When you start typing a value, a list of suggested AD attributes is populated. If a static value is used, it must be enclosed in quotation marks.
Add
Adds an SCM attribute to be mapped.
Duplicate attributes are not permitted.
Reset To Default
Resets all attributes and values to the default customized mapping.
Remove
Prevents the attribute from being populated in the Person profile and from being included in the certificate request sent to Sectigo.
Some attributes represent a mandatory detail of the connected Person profile and cannot be deleted.
-
-
Click Save.
-
-
Click Save.