Just a quick one today. I deployed a Windows CA at one of our customers for an Aruba Clearpass deployment. So its main use was to generate client certificates to authenticate with Clearpass.
For whatever reason, the clients kept requesting new computer certificates every few hours. I’m not an expert in certificates, so this might be obvious to some. But it took me a while.
So basically I had a template setup that looked like this.
You can configure this under the “Certificate Authority” -> right click on “Certificate Templates” -> and select “Manage”.
In the new window, look for the template, right click on it and select “properties” if you have created one already, otherwise select “Duplicate Template” if you want to create a new one.
Notice the “Subject name format”. It was set to None.
So changing that to DNS Name solved the issue. For now at least.
I probably should read into the request process and how a client verifies that the certificates he has, are correct, so it does not request a new one every time (one of the things it checks is probably the subject name).
Anyway. That’s it for now.
Till next time.