我们有一个企业 AD CS 证书颁发机构,用于签署代码签名证书的证书请求。
我正在使用
certreq.exe -new -q -config "<servername>\<ca-name>" request.inf request.csr
命令生成 .csr,稍后将其提交给 CA。
最后,我使用
certreq.exe -submit -q -config "<servername>\<ca-name>" -attrib "CertificateTemplate:CodeSigning2" request.csr response.cer cert.p7b response.ful
命令检索证书。
发生的情况是,证书的“颁发给”属性设置为我自己(姓名 + 姓氏),这是我不想要的,并且据说是从登录到 CA Web 控制台进行签名的我的用户继承的。
我希望它显示我们的公司名称,但我还没有找到任何方法来明确指定它。
这背后的原因显然是,在安装 ClickOnce 部署的应用程序时,用户会收到一条提示,显示证书的颁发者名称,而不是主题或友好名称。
I have tested your CSR generating commands as follows:
request.inf contents in my test:
[newrequest]
subject = "CN = Company1, O = Company1 Corp, L = Place1, S = City1, C = TT"
Then on the machine that I have generated the CSR, I have checked Mmc -Certificate Manager - Current User - Certificate Enrollment Requests - doubled click the request:
and verified the subject of this request without problems.
CN = Company1
O = Company1 Corp
L = Place1
S = City1
C = TT
If you can see a similar enrollment request with subject as required but then the returning certificate is problematic, then the AD CS template you use (Codesigning2) should be investigated.