This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 27%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFC%3C/text%3E%3C/svg%3E)
Hi all,
In our company we use user certificate to login client to VPN SSL access.
Company firewall is integrated with local Certification Authority.
The system works fine at the moment, however we added an additional UPN suffix.
Employees UserPrincipalName is name@mathieu.company .local, but we added additional UPN suffix to change UserPrincipalName in "name@mathieu.company .com", so UPN and mail are the same.
Can I generate user certificate using addition UPN suffix instead of the original one?
CA VM runs Windows Server 2016 Datacenter.
Thanks a lot
Federico
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDZ%3C/text%3E%3C/svg%3E)
Hello FedericoCoppola-2569,
How are things going on your end? Please keep me posted on this issue. I appreciate your time and efforts.
Your time is greatly appreciated.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
any suggestions?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 41%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBP%3C/text%3E%3C/svg%3E)
Hello,
I think this can help you :
https://www.alitajran.com/add-upn-suffix-in-active-directory/
Regards.
Hello FedericoCoppola-2569,
Thank you for posting in our Q&A forum.
Q:Can I generate user certificate using addition UPN suffix instead of the original one?
A: I think it should be OK.
For example:
1-My domain name is b.com.
2-I set Alternative subject name on certificate template.
3-I add a.local as addition UPN suffix.
4-I issue user certificate to Administrator using CA with different UPN suffix.
To make sure this change is feasible, we recommend that you test it out with a test account.
That is, copy the original certificate from the user store, then delete the original certificate, store only the new certificate with new addition UPN suffix, and then check if you can use the VPN.
If everything is OK, you can make this change on all the users.
Hope the information above is helpful.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.