Ping a Specific Port

Question

bfloriang

Asked: 2021-06-05 05:28:50 +0800 CST2021-06-05 05:28:50 +0800 CST 2021-06-05 05:28:50 +0800 CST

Restrict certain Subject Alternative names on ADCS

772

I'm curious if it is possible to restrict which subject alternative names are allowed for certificate signing requests towards ADCS. I would like to prevent issuing wildcard certificates for example. I did have a look at ADCS certificate templates but I don't see any settings that would influence this behavior.

I understand that one way to prevent this is CA manager approval and reviewing requests but in an environment where no such approval happens it would be good to have support for "blocklists" or rules / policies that the CSR has to adhere to and if a request to sign a certificate for *.example.com comes in and simply discards the request.

1 Answers

Voted

Jesse Bryan · Answer 1 · 2021-06-06T06:59:25+08:00

Jesse Bryan

2021-06-06T06:59:25+08:002021-06-06T06:59:25+08:00

That is a good question! I've used this method before for similar requirements. It might meet your needs.

https://winintro.ru/certtmpl.en/html/0acbd7fe-62b1-4aba-9cef-351e56075434.htm

0

Restrict certain Subject Alternative names on ADCS

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?