[openssl-users] Certificate template information

Jakob Bohm jb-openssl at wisemo.com
Tue Apr 28 03:17:17 UTC 2015

On 28/04/2015 02:59, Salz, Rich wrote:
>> I have need to identify a Microsoft generated certificate's template name, I believe as part of oid
> Where, in a cert OtherName field?
It is an extension.  Microsoft certificate server (their
bundled CA software) puts the name of the "certificate
template" (analogous to an openssl.cnf section) in a
certificate extension, and a few other Microsoft tools
unfortunately check this name in addition to more
relevant conditions such as EKU values etc.

The form I know of can be implemented as follows in
openssl.cnf (in the [sometemplatename_cert] section of
the file):

#     enrollCerttypeExtension (1 3 6 1 4 1 311 20 2)
#   OCTET STRING, encapsulates {
#     BMPString 'SomeTemplateName'
#     }
#   } = ASN1:BMP:SomeTemplateName

I am not sure about the OID, but it
might be similar.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list