Certificates Issued by a Windows 2003 CA

[Modeverything]

I am using a Windows 2003 offline stand-alone CA. I have created a Windows 2003 enterprise subordinate CA in my active directory from my original offline CA. I am using my subordinate CA to issue certificates to our active directory client computers using group policy and auto-enrollment, and this is working great.

The problem I'm having is I would like to use the Cisco Secure Desktop software to authenticate client machines based off of their certificates. I'm limited on what I can check for, but basically I can check for fields in the Subject part of the client's certificate, such as Organization, Location, Country, etc. Well, the clients who are receiving certificates do not have these fields in their Subject, they only have the system's Common Name, which I don't want to use because it will be different for every system and I want something common, such as Organization.

So my question is, how can I issue certificates with these identifier fields in the Subject part of the certificate?


Thanks in advance for any help!

 

[theravager]

The computer certificates are different for every pc, and they identify each pc.

Thats the whole point of AD intergrated computer certificates, generally for external authentication the autoenrollment is bound by a group for the computers that access the service as opposed to every computer.

The cisco kit can be used to check the clients cert again AD to confirm that the cert is correct and allow it to authenticate single sign on, usually two factor is used thou to prevent a laptop being stolen having access into the kingdom.