Managing MS AD certificate templates

Edit a certificate template mapping

  • SSL certificates

  • Client certificates

  • Device certificates

  SSL certificates

  1. Navigate to Enrollment > MS AD Certificate Template Mapping.

  2. Select a template mapping and click Edit.

  3. Complete the Edit MS AD Certificate Template Mapping fields based on the information provided in the following table.

    Column Description

    MS AD Template

    MS Agent

    The MS agent through which certificate requests are brought from MS AD to SCM.

    MS AD Template

    The MS AD certificate template configured on the AD server.

    Certificate

    Certificate Type

    The type of certificate that is requested using this template.

    For SSL certificates, the value must be SSL Certificate.

    Term

    The validity period configured for the selected Sectigo certificate profile in SCM.

    Certificate Profile

    The Sectigo certificate profile configured to be issued when a certificate request is brought into SCM by the selected MS agent.

    Attributes Mapping

    The mapping of attributes brought from MS AD to the associated values in SCM certificate profiles.

    Attribute mapping is not available for SSL certificates.

    Term

    The validity period of the certificate, as defined in the selected MS AD certificate template.

    Key Usage

    Key usage defined in the selected MS AD certificate template.

    Extended Key Usage

    Extended key usage defined in the selected MS AD certificate template.

  4. Click Save.
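The Term, Key Usage and Extended Key Usage rows above (and the same rows in the Client and Device tables that follow) are inherited from the MS AD template, so it is worth checking what the template actually carries before saving a mapping. The Python below is an added example, not SCM or Sectigo code: it decodes the raw attributes of a pKICertificateTemplate object (pKIExpirationPeriod, pKIKeyUsage, pKIExtendedKeyUsage) as an LDAP client returns them, then applies an assumed sanity rule that the template's EKU fits the Certificate Type chosen in SCM. The REQUIRED_EKU table, the function names and the sample entry (constructed to match the values of the stock User template) are this example's assumptions.

```python
"""Decode the template-derived rows of an SCM mapping (added example, not SCM code)."""
import struct
from typing import Dict, List

# X.509 KeyUsage bits as stored in the pKIKeyUsage octet string: the first
# byte carries bits 0-7 of the ASN.1 BIT STRING, the second byte bit 8.
KEY_USAGE_BITS = [
    (0, 0x80, "digitalSignature"), (0, 0x40, "nonRepudiation"),
    (0, 0x20, "keyEncipherment"), (0, 0x10, "dataEncipherment"),
    (0, 0x08, "keyAgreement"), (0, 0x04, "keyCertSign"),
    (0, 0x02, "cRLSign"), (0, 0x01, "encipherOnly"),
    (1, 0x80, "decipherOnly"),
]

# Well-known EKU OIDs; anything else is reported as the raw OID.
EKU_NAMES = {
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
    "1.3.6.1.5.5.7.3.4": "emailProtection",
    "1.3.6.1.4.1.311.10.3.4": "encryptingFileSystem",
    "1.3.6.1.4.1.311.20.2.2": "smartcardLogon",
    "1.3.6.1.5.2.3.4": "pkinitClientAuth",
}

HUNDRED_NS_PER_DAY = 86400 * 10**7

# Minimum EKU each SCM certificate type should carry. This is an assumed
# sanity rule for the example, not a setting SCM exposes.
REQUIRED_EKU = {
    "SSL Certificate": {"serverAuth"},
    "Client Certificate": {"clientAuth"},
    "Device Certificate": {"clientAuth"},
}


def pki_period_to_days(raw: bytes) -> int:
    """pKIExpirationPeriod is an 8-byte little-endian signed integer stored as a
    negative interval in 100-nanosecond units; return it as whole days."""
    value = struct.unpack("<q", raw)[0]
    if value > 0:
        raise ValueError("pKI period must be stored as a negative interval")
    return -value // HUNDRED_NS_PER_DAY


def decode_key_usage(raw: bytes) -> List[str]:
    """Return the KeyUsage names whose bits are set in pKIKeyUsage."""
    return [name for idx, mask, name in KEY_USAGE_BITS
            if len(raw) > idx and raw[idx] & mask]


def decode_template(entry: Dict) -> Dict:
    """Return the Term / Key Usage / Extended Key Usage an SCM mapping inherits."""
    return {
        "name": entry["cn"],
        "term_days": pki_period_to_days(entry["pKIExpirationPeriod"]),
        "key_usage": decode_key_usage(entry["pKIKeyUsage"]),
        "extended_key_usage": [EKU_NAMES.get(oid, oid)
                               for oid in entry.get("pKIExtendedKeyUsage", [])],
    }


def mapping_problems(template: Dict, certificate_type: str,
                     profile_term_days: int) -> List[str]:
    """Flag the mismatches a reviewer would want to catch before clicking Save."""
    problems = []
    missing = REQUIRED_EKU[certificate_type] - set(template["extended_key_usage"])
    if missing:
        problems.append(f"template lacks EKU {sorted(missing)} needed for {certificate_type}")
    if template["term_days"] != profile_term_days:
        problems.append(f"template term {template['term_days']}d differs from "
                        f"profile term {profile_term_days}d")
    if "digitalSignature" not in template["key_usage"]:
        problems.append("template key usage does not include digitalSignature")
    return problems


# Constructed sample entry, matching the stock User template as stored under
# CN=Certificate Templates,CN=Public Key Services,CN=Services,<Configuration NC>.
SAMPLE_USER_TEMPLATE = {
    "cn": "User",
    "pKIExpirationPeriod": bytes.fromhex("004039872EE1FEFF"),  # -365 days in 100 ns units
    "pKIKeyUsage": bytes.fromhex("A000"),                       # digitalSignature | keyEncipherment
    "pKIExtendedKeyUsage": ["1.3.6.1.4.1.311.10.3.4",          # EFS
                            "1.3.6.1.5.5.7.3.4",               # Secure Email
                            "1.3.6.1.5.5.7.3.2"],              # Client Authentication
}

if __name__ == "__main__":
    decoded = decode_template(SAMPLE_USER_TEMPLATE)
    print(decoded)
    print("Client mapping:", mapping_problems(decoded, "Client Certificate", 365))
    print("SSL mapping:", mapping_problems(decoded, "SSL Certificate", 365))
```

The sample entry is hard-coded so the script runs offline; in practice the same dictionary comes from an LDAP search of the Certificate Templates container in the forest's Configuration naming context. Run against the User template, the Client mapping check passes while an SSL mapping is flagged because the template carries no serverAuth EKU.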

  Client certificates

  1. Navigate to Enrollment > MS AD Certificate Template Mapping.

  2. Select a template mapping and click Edit.

  3. Complete the Edit MS AD Certificate Template Mapping fields based on the information provided in the following table.

    Column Description

    MS AD Template

    MS Agent

    The MS agent through which certificate requests are brought from MS AD to SCM.

    MS AD Template

    The MS AD certificate template configured on the AD server.

    Certificate

    Certificate Type

    The type of certificate that is requested using this template.

    For Client certificates, the value must be Client Certificate.

    Term

    The validity period configured for the selected Sectigo certificate profile in SCM.

    Certificate Profile

    The Sectigo certificate profile configured to be issued when a certificate request is brought into SCM by the selected MS agent.

    Attributes Mapping

    The mapping of attributes brought from MS AD to the associated values in SCM certificate profiles.

    This mapping can override settings specified in the MS AD Certificate Template.

    Term

    The validity period of the certificate, as defined in the selected MS AD certificate template.

    Key Usage

    Key usage defined in the selected MS AD certificate template.

    Extended Key Usage

    Extended key usage defined in the selected MS AD certificate template.

  4. (Optional) Customize the attributes mapping.

    1. Click Customize Attributes.

    2. Complete the Attributes Mapping fields based on the information provided in the following table.

      Field Description

      Attribute

      The attribute name as used by SCM.

      The default attributes are:

      • Common Name — The domain to which the certificate is to be issued.

        An email can also be included in the CN field. The maximum allowed character length for this field is 64.

      • DNS — DNS hostname.

      • Department Name — The name of the department in which the end-user works.

      • Email — The email address of the end-user.

        If this attribute is mapped and Send to CA is selected, the end-user’s email address is included in the certificate’s Subject and SAN fields.

      • First Name — The end-user’s first name.

      • Last Name — The end-user’s surname.

      • Organization Name — The name of the company for which the end-user works.

      • SPN — The unique identifier of the service instance.

      • Secondary Email — Additional email address for the end-user.

      • UPN — The email address that should appear as principal name in the certificate to be issued.

        Client certificates issued to end-users of organizations or departments with principal name support enabled (the option is off by default) include a Principal Name, in addition to the RFC 822 name, in the SAN field.

      Value

      The equivalent attribute in MS AD, or a static value that does not come from MS AD.

      When you start typing a value, a list of suggested AD attributes is populated. A static value must be enclosed in quotation marks; an unquoted value is treated as the name of an AD attribute.

      Send to CA

      Controls whether the attribute is included (selected) or excluded (not selected) when the incoming request is passed on to the CA.

      If a check box is disabled (grayed out), the attribute is mandatory for the CA and is always included in the request. For device certificates, all customized attributes are sent to the CA.

      Add

      Adds an SCM attribute to be mapped.

      Duplicate attributes are not permitted.

      Reset To Default

      Resets all attributes and values to the default mapping.

      Remove

      Prevents the attribute from being populated in the Person profile and from being included in the certificate request sent to Sectigo.

      Some attributes represent a mandatory detail of the connected Person profile and cannot be deleted.

    3. Click Save.

  5. Click Save.

  Device certificates

  1. Navigate to Enrollment > MS AD Certificate Template Mapping.

  2. Select a template mapping and click Edit.

  3. Complete the Edit MS AD Certificate Template Mapping fields based on the information provided in the following table.

    Column Description

    MS AD Template

    MS Agent

    The MS agent through which certificate requests are brought from MS AD to SCM.

    MS AD Template

    The MS AD certificate template configured on the AD server.

    Certificate

    Certificate Type

    The type of certificate that is requested using this template.

    For Device certificates, the value must be Device Certificate.

    Term

    The validity period configured for the selected Sectigo certificate profile in SCM.

    Certificate Profile

    The Sectigo certificate profile configured to be issued when a certificate request is brought into SCM by the selected MS agent.

    Attributes Mapping

    The mapping of attributes brought from MS AD to the associated values in SCM certificate profiles.

    This mapping can override settings specified in the MS AD Certificate Template.

    Term

    The validity period of the certificate, as defined in the selected MS AD certificate template.

    Key Usage

    Key usage defined in the selected MS AD certificate template.

    Extended Key Usage

    Extended key usage defined in the selected MS AD certificate template.

  4. (Optional) Customize the attributes mapping.

    1. Click Customize Attributes.

    2. Complete the Attributes Mapping fields based on the information provided in the following table.

      Field Description

      Attribute

      The attribute name as used by SCM.

      The default attributes are:

      • DNS Name — DNS hostname.

      • Email address — The email address of the end-user.

      • RFC 822 name — The email address of the end-user included in the certificate’s SAN.

      • Service principal name — The unique identifier of the service instance.

      • User principal name — The email address that should appear as principal name in the certificate to be issued.

      Value

      The equivalent attribute in MS AD, or a static value that does not come from MS AD.

      When you start typing a value, a list of suggested AD attributes is populated. A static value must be enclosed in quotation marks; an unquoted value is treated as the name of an AD attribute.

      Add

      Adds an SCM attribute to be mapped.

      Duplicate attributes are not permitted.

      Reset To Default

      Resets all attributes and values to the default mapping.

      Remove

      Prevents the attribute from being populated in the Person profile and from being included in the certificate request sent to Sectigo.

      Some attributes represent a mandatory detail of the connected Person profile and cannot be deleted.

    3. Click Save.

  5. Click Save.
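The attribute mapping rules described for Client and Device certificates (a quoted Value is a static literal while anything else names an AD attribute, duplicate attributes are rejected, Common Name is capped at 64 characters, Send to CA decides what leaves for the CA, mandatory attributes cannot be removed, device mappings send every customized attribute, and Email and UPN end up in the SAN as an RFC 822 name and a Principal Name) are easier to reason about as code. The Python below is an added example that models those rules for both tables; it is not SCM's own implementation. The MANDATORY sets, the row field names, the SAN labels and the sample AD user and mapping are constructed assumptions.

```python
"""Model of the SCM Attributes Mapping rules (added example, not SCM code)."""
from typing import Dict, List, Optional, Set, Tuple

CN_MAX_LEN = 64  # maximum Common Name length stated in the mapping table

# Attributes whose Send to CA box is greyed out and which cannot be removed.
# Assumed sets for this model; SCM decides these per certificate profile.
MANDATORY: Dict[str, Set[str]] = {
    "Client Certificate": {"Common Name", "Email"},
    "Device Certificate": {"DNS Name"},
}


class MappingError(ValueError):
    """Raised for a mapping that the rules above would refuse."""


def resolve_value(value: str, ad_object: Dict[str, str]) -> Optional[str]:
    """A Value wrapped in quotation marks is a static literal; anything else
    names an AD attribute and is looked up on the object (None if absent)."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return ad_object.get(value)


def validate_rows(rows: List[dict], certificate_type: str) -> None:
    """Duplicate attributes are not permitted and mandatory ones cannot be removed."""
    seen: Set[str] = set()
    for row in rows:
        if row["attribute"] in seen:
            raise MappingError(f"duplicate attribute {row['attribute']!r}")
        seen.add(row["attribute"])
    missing = MANDATORY.get(certificate_type, set()) - seen
    if missing:
        raise MappingError(f"mandatory attributes removed: {sorted(missing)}")


def resolve_mapping(rows: List[dict], ad_object: Dict[str, str],
                    certificate_type: str, principal_name_support: bool = False) -> Dict:
    """Return what lands in the Person profile, what is sent to the CA, and the
    SAN entries that follow from the Email and UPN attributes."""
    validate_rows(rows, certificate_type)
    mandatory = MANDATORY.get(certificate_type, set())
    profile: Dict[str, str] = {}
    request: Dict[str, str] = {}
    for row in rows:
        attr = row["attribute"]
        val = resolve_value(row["value"], ad_object)
        if val is None:
            continue  # attribute absent on the AD object: nothing to populate
        if attr == "Common Name" and len(val) > CN_MAX_LEN:
            raise MappingError(f"Common Name longer than {CN_MAX_LEN} characters")
        profile[attr] = val
        # Device mappings send every customized attribute; otherwise mandatory
        # attributes always go and the rest follow the Send to CA check box.
        if (certificate_type == "Device Certificate" or attr in mandatory
                or row.get("send_to_ca", False)):
            request[attr] = val
    san: List[Tuple[str, str]] = []
    if "Email" in request:
        san.append(("rfc822Name", request["Email"]))
    if principal_name_support and "UPN" in request:
        san.append(("otherName:UPN", request["UPN"]))
    return {"profile": profile, "request": request, "san": san}


# Constructed sample AD user and Client Certificate mapping.
SAMPLE_AD_USER = {
    "displayName": "Alice Example",
    "givenName": "Alice",
    "sn": "Example",
    "mail": "alice@example.com",
    "userPrincipalName": "alice@corp.example.com",
    "department": "Security Engineering",
}

SAMPLE_CLIENT_MAPPING = [
    {"attribute": "Common Name", "value": "displayName", "send_to_ca": True},
    {"attribute": "Email", "value": "mail", "send_to_ca": True},
    {"attribute": "First Name", "value": "givenName", "send_to_ca": False},
    {"attribute": "Last Name", "value": "sn", "send_to_ca": False},
    {"attribute": "Department Name", "value": "department", "send_to_ca": False},
    {"attribute": "Organization Name", "value": '"Example Corp"', "send_to_ca": True},
    {"attribute": "UPN", "value": "userPrincipalName", "send_to_ca": True},
    {"attribute": "Secondary Email", "value": "otherMailbox", "send_to_ca": False},
]

if __name__ == "__main__":
    result = resolve_mapping(SAMPLE_CLIENT_MAPPING, SAMPLE_AD_USER,
                             "Client Certificate", principal_name_support=True)
    for key, value in result.items():
        print(key, value)
```

For the attributes that end up in the SAN (Email, UPN, DNS Name, SPN), map the AD attribute (mail, userPrincipalName, dNSHostName, servicePrincipalName) rather than a quoted literal: a static value in an identity field stamps the same identity into every certificate issued through the mapping, which is exactly what the SAN is meant to distinguish. Organization Name, as in the sample, is the usual place for a static value.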

Delete certificate template mappings

  1. Navigate to Enrollment > MS AD Certificate Template Mapping.

  2. Select a template mapping to be deleted.

  3. Click the Delete icon.

  4. Click Delete.