I'm using Microsoft CA to issue certificates for external users and so using a template with the option of the Subject Name being supplied in the certificate request.
The certificate request includes a dnQualifier component in the subject name but the certificates being issued do not include the dnQualifier component.
If I set the SecurityTemplate registry entry to the empty string then the certificates being issued do include the dnQualifier component.
Is there a way to add dnQualifer to the list of white listed DN component in the SecurityTemplate registry?
I've tried:
- "DistinguishedNameQualifier"
- "2.5.4.46"
- "OID.2.5.4.46"
- "OID:2.5.4.46"
- "DN_QUALIFIER"
- "DNQ"
- "dnQualifier"
All cause the CA to report an error when it starts.
What is the correct "name" to use for dnQualifier in the SubjectTemplate white list?