How to include Request email in SSL certificate template?

J. L 1 Reputation point
2022-08-30T14:28:00.47+00:00

I copied the default "web server" template as my SSL template for cooperate server. When the server admin requests the cert in certlm.msc by click "Request a certificate", the admin can enter the required SAN name and etc. However I found the attribute "Request.Email" is empty in the request and there is no option for admin to enter it. The reason why I need this attribute to be populated is because I want to use it to send out email notification when the cert is about to be expired.

As temp solution, I have to ask the server admin to send the csr file and I use certreq to sign csr file by passing value to Request.Email attribute. However this is not a good method. I want to make Request.Email as a mandatory option so the admin must fill it in when requesting the cert. I assume this should be done in cert template but how?

Thanks in advance.

Community Center | Not monitored
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. risolis 8,741 Reputation points
    2022-08-31T06:48:19.987+00:00

    Hello @J. L

    Thank you for your post.

    I would like to know if there is any chance to give more details where this is hosted like for instance, if it is on-premises or Azure Cloud and so on....

    On the meantime, I would like to give you the next article that might be helpful for this case scenario

    https://www.altaro.com/hyper-v/windows-ssl-certificate-templates/

    Is there is any chance to gather the SSL template stated previously?

    Is this a Self-Signed certificate or Root CA one?

    Looking forward to your feedback.

    Cheers,

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments No comments

  2. J. L 1 Reputation point
    2024-10-18T15:14:22.66+00:00

    The question is very clear how to make requester email as mandaroty attribute in SSL cert template. So it is not a self-signed neither a root CA. risolis is either not reading the question well or lack of basic PKI knowledge

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.