The content of the certificates (or the certificate requests to the CA) is defined under Certificate Attributes.
The certificate contents can be taken individually from the certificate datapool (or any other datapool listed on the left) or filled with a fixed value. Conversely, the fields of the certificate are listed on the right under 'Certificate Attribute'. You can now assign data fields to the certificate attributes as a 'Value' by drag-and-drop. You can also write a fixed, static value of a certificate attribute to the 'Value' field.
- Select fields and assign values to them with drag-and-drop or enter a fixed value.
- With the drop-down menu under Manage SAN-attributes you can add additional attributes, like Email or IP Address, you can add them also multiple times.
The SID extension (OID - 22.214.171.124.4.1.311.25.2) can be added to the authentication certificate templates, if necessary .
For more information, (see Microsoft KB-5014754for details).
You must add a bean override to custom-beans.xml to enable proper support for the SID extension when used with Smart ID Certificate Manager:
| Code Block|
The SID extension can only be used in PKCS#10 requests. Identity Manager cannot issue softtokens containing this extension.
|title||Enable proper support for Smart ID Certificate Manager|
this is the OID of the SID
To add the "SID" attribute to the attribute list of an existing certificate template:
Export the complete configuration file and go to the <extracted_configuration_folder>/coretemplates\certificatetemplate
Edit the certificate template where you would like to add the "SID" attribute and add it as shown below. This "SID" attribute is only applicable for p10 request. See this example::
| Code Block|
|title||Example: Certificate template|
<certificateTemplateDetails caCertTemplateName="my_ca_template_name" caName="my_ca_name" coreTemplateName="my_core_template_name">
<attribute type="empty" subtype="SID"/>
Import the modified CA template along with complete configuration file or with delta changes.
Identity Manager supports the SID extension with Microsoft ADCS and Smart ID Certificate Manager only.