Is there a way to read the Template name defined in the registry via NDES?

  • Question

  • I am trying to get a client certificate using NDES (the SCEP implementation). I read the document that mentions the registry key that needs to be set for configuring the template: HKLM\Software\Microsoft\Cryptography\MSCEP.

    As per the Windows MDM protocol, the CertRequest configuration parameters take the template name as input, so I would like to know what has been set in the registry so that I can use the same template name in my CSR configuration parameters. Is there a way I can get it?

    Below is the SyncML I am using, which takes the template name as a parameter.


    <Add>
      <CmdID>20</CmdID>
      <Item>
        <Target>
          <LocURI> ./cimv2/MDM_CertificateEnrollment.RequestID="e74ae2c3-50b8-4036-a51e-604cbffdea3b",StoreLocation="1",EnhancedKeyUsages="1.3.6.1.5.5.7.3.2",Issuers="CN=CertificateAuthority" </LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">xml</Format>
          <Type xmlns="syncml:metinf">text/plain</Type>
        </Meta>
        <Data>
          <CertificateRequest>
            <ConfigurationParameters xmlns="http://schemas.microsoft.com/SystemCenterConfigurationManager/2012/03/07/CertificateEnrollment/ConfigurationParameters">
              <ExpirationThreshold>20</ExpirationThreshold>
              <RetryCount>1</RetryCount>
              <RetryDelay>1</RetryDelay>
              <TemplateName>SMS_ClientCopy</TemplateName>
              <KeyStorageProviderSetting>2</KeyStorageProviderSetting>
              <KeyUsage>160</KeyUsage>
              <KeyLength>1024</KeyLength>
              <HashAlgorithms>
                <HashAlgorithm>SHA-1</HashAlgorithm>
              </HashAlgorithms>
              <CAThumbprint>6429CC067E892A2E63A53A9A332CE5DB1B04F82C</CAThumbprint>
              <ValidityPeriod>1</ValidityPeriod>
              <ValidityPeriodUnit>Years</ValidityPeriodUnit>
              <EKUMapping>
                <EKUMap>
                  <EKUName>Client Authentication</EKUName>
                  <EKUOID>1.3.6.1.5.5.7.3.2</EKUOID>
                </EKUMap>
              </EKUMapping>
            </ConfigurationParameters>
            <RequestParameters>
              <CertificateRequestToken>...</CertificateRequestToken>
              <SubjectName>CN=User</SubjectName>
              <SubjectAlternativeName>
                <SANs>
                  <SAN NameFormat="33554432" AltNameType="11" OID="1.3.6.1.4.1.311.20.2.3">User@certmgmt.contoso.com</SAN>
                </SANs>
              </SubjectAlternativeName>
              <NDESUrl>http://ndes7.contoso.com/certsrv/mscep/mscep.dll</NDESUrl>
            </RequestParameters>
          </CertificateRequest>
        </Data>
      </Item>
    </Add>
    


    • Edited by sumanthmp Saturday, June 14, 2014 6:04 AM included XML
    Saturday, June 14, 2014 6:00 AM
