Hey everyone! I'm having an issue with our CA. We use online templates linked to Active Directory, which includes the UPN. Despite having all the latest Microsoft patches applied, the OID I'm looking for is not showing up in the issued certificates' SAN as expected. After applying a patch to the DC post-September 10, it seems like our authentications take a hit due to missing strong mapping. Specifically, I'm trying to confirm if anyone has insight into why the OID 1.3.6.1.4.1.311.25.2 isn't appearing in our environment.
3 Answers
I understand your frustration. That article offers some workarounds, but if the OID is just missing, that’s concerning. It sounds like the alternative setups like adjusting the altSecurityIdentities can be really complex and daunting.
You should also take a look at the registry settings mentioned in the same article; sometimes that can fix the missing attributes issue.
You might want to check out this Microsoft support article: https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16. It covers some changes in certificate-based authentication that could affect you.
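To confirm which issued certificates actually carry the OID from the question, the following PowerShell reports it per certificate. This is an added example, not part of the original thread or the linked article; the function name `Get-CertSidExtensionReport` and the sample file path are hypothetical, and the OID is looked up as its own certificate extension, with the SAN printed next to it for comparison.

```powershell
# Added example: report whether certificates carry the 1.3.6.1.4.1.311.25.2 extension.
$SidExtensionOid = '1.3.6.1.4.1.311.25.2'   # OID named in the question
$SanOid          = '2.5.29.17'              # Subject Alternative Name extension

function Get-CertSidExtensionReport {       # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Each extension exposes its OID; match on the dotted value, not the friendly name.
        $sidExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $SidExtensionOid }
        $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }

        [pscustomobject]@{
            Subject         = $Certificate.Subject
            Issuer          = $Certificate.Issuer
            Thumbprint      = $Certificate.Thumbprint
            # Issue date, so it can be compared with the date the CA was patched.
            NotBefore       = $Certificate.NotBefore
            HasSidExtension = [bool]$sidExt
            # Decoded SAN (UPN, DNS names, ...) or $null when the cert has no SAN.
            San             = if ($sanExt) { $sanExt.Format($false) } else { $null }
        }
    }
}

# Check every certificate in the current user's personal store.
Get-ChildItem Cert:\CurrentUser\My |
    Get-CertSidExtensionReport |
    Format-List

# Check a single exported certificate instead (placeholder path):
# [System.Security.Cryptography.X509Certificates.X509Certificate2]::new('C:\temp\user.cer') |
#     Get-CertSidExtensionReport
```

Certificates where `HasSidExtension` is `False` are the ones to compare against the template and CA patch state before reissuing.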