7

I'm using C# (or VBScript) to issue a certificate from an Enterprise CA.

According to this answer, I need to specify the OID instead of the certificate name, and place it in an unexpected portion of code. (IMHO I should place it where the null string is)

I'm looking at certificate manager, templates, et al., and can't locate the OID I should be using. Have any suggestions?

makerofthings7

3 Answers

7

Certificate Templates are stored in the Configuration partition of Active Directory.

For instance, if your Certificate Template is named "Smartcard," then its DN would be:

    CN=Smartcard,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com

The msPKI-Cert-Template-OID attribute of that object contains the OID you seek.

Edit: Here's some PowerShell:

    PS C:\Users\Ryan> Get-ADObject 'CN=Smartcard,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com' -Properties msPKI-Cert-Template-OID


    DistinguishedName       : CN=Smartcard,CN=Certificate Templates,CN=Public Key
                              Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com
    msPKI-Cert-Template-OID : 1.3.6.1.4.1.311.21.8.13882702.11110958.1330334.1890290.2281445.541.2.14
    Name                    : Smartcard
    ObjectClass             : pKICertificateTemplate
    ObjectGUID              : 1cd4698d-56fe-4d4b-8005-f89a76d24ae1

Ryan Ries
  • Thank you. I also found it just now when looking at an issued certificate, click `all tasks`, and `view attributes/extensions` – makerofthings7 Jul 03 '14 at 21:48
3

I had trouble with finding the distinguished name for a certificate template, so I found a different way than the other answers by following these steps:

  • Open MMC and add the Certificate Templates snap-in (File > Add/Remove Snap-ins > Certificate Templates - you may need to run as administrator to have this snap-in available)
  • Right Click the certificate template you want the OID of
  • Open Properties
  • Open Extensions tab
  • Select Certificate Template Information
  • The OID will be visible in the description below after "Object identifier"
chillNZ
0

I think you may need this entire string for your domain OID.

    Get-ADObject ('CN=OID,CN=Public Key Services,CN=Services,'+(Get-ADRootDSE).configurationNamingContext) -Properties msPKI-Cert-Template-OID | Select-Object -ExpandProperty msPKI-Cert-Template-OID
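
An added example, not taken from any of the answers above: it combines the `Certificate Templates` container from the first answer with the `configurationNamingContext` lookup from the last one, so no domain DN is hard-coded, and it also resolves an OID read from an issued certificate back to its template. The function name `Get-CertTemplateOid` and its parameters are hypothetical; it assumes the ActiveDirectory (RSAT) module and read access to the Configuration partition.

```powershell
Import-Module ActiveDirectory

function Get-CertTemplateOid {
    [CmdletBinding()]
    param(
        [string]$Name,   # template CN or display name; omit to list all templates
        [string]$Oid     # template OID, for the reverse lookup
    )

    # Derive the container DN from the forest instead of hard-coding DC=Contoso,DC=Com.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

    # Templates are direct children of the container, so a one-level search is enough.
    $templates = Get-ADObject -SearchBase $base -SearchScope OneLevel `
        -LDAPFilter '(objectClass=pKICertificateTemplate)' `
        -Properties displayName, 'msPKI-Cert-Template-OID'

    $rows = foreach ($t in $templates) {
        [pscustomobject]@{
            Name              = $t.Name
            DisplayName       = $t.displayName
            Oid               = $t.'msPKI-Cert-Template-OID'
            DistinguishedName = $t.DistinguishedName
        }
    }

    # Filter client-side so user input never becomes part of an LDAP filter string.
    if ($Name) { $rows = $rows | Where-Object { $_.Name -eq $Name -or $_.DisplayName -eq $Name } }
    if ($Oid)  { $rows = $rows | Where-Object { $_.Oid -eq $Oid } }

    if (-not $rows) {
        Write-Warning "No certificate template matched (Name='$Name', Oid='$Oid')."
        return
    }
    $rows | Sort-Object Name
}

# Template name -> OID (the value to pass in the enrollment request):
#   Get-CertTemplateOid -Name 'Smartcard'
# OID copied from an issued certificate -> template it came from:
#   Get-CertTemplateOid -Oid '<OID from the certificate's Certificate Template Information extension>'
# Full inventory of templates and OIDs:
#   Get-CertTemplateOid | Format-Table Name, DisplayName, Oid
```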