How the TameMyCerts Policy Module for Active Directory Certificate Services (ADCS) can help establish digital signature processes in the company

Nowadays, many companies want to rely on paperless processes to speed up internal approval and signature processes. In times when most employees are working from home, this has become even more important.

Although the Microsoft certification authority is able to implement automatic certificate issuance processes, its ability to influence the content of the certificate is severely limited.

The TameMyCerts Policy Module for Microsoft Active Directory Certificate Services (AD CS) allows extended rules to be defined for the Subject Distinguished Name and the Subject Alternative Name of issued certificates.

TameMyCerts is a policy module to secure the Microsoft certification authority (Active Directory Certificate Services). It extends the functions of the certification authority and enables the extended application of rules, so that certificate issuance can be automated securely. TameMyCerts is unique in the Microsoft ecosystem and is available under a free license. It can be downloaded via GitHub and used free of charge.

TameMyCerts is open source and can be used free of charge. For use in the corporate sector, however, we recommend concluding a maintenance contract. This ensures that you receive qualified support and that the module can be further developed to a high quality in the long term.

The certificate content can be flexibly defined using static values, content from the certificate request (e.g. transfer to other certificate fields), or attributes from the associated Active Directory account. This considerably expands the possibilities for issuing certificates with a Microsoft certification authority.

The digital signature in the example (Adobe Reader) contains a Subject Distinguished Name constructed from the user's first name and surname. With the Microsoft certification authority's built-in capabilities, only the user's login name would be possible.

For example, the commonName field of the certificate can be populated from the displayName attribute in Active Directory. The organizationName field, on the other hand, could be filled with a static value.

The Subject Distinguished Name of this certificate was filled with values from the Active Directory and static values.
