Mapping a PIV Certificate using an OID

Note: Automatic Certificate Mapping requires PIVKey Admin Product version 7.1 or later.

To be recognized on the PIV Smart Card interface, a certificate must be mapped to one of the PIV certificate key slots. This can be done by including one of the following OIDs to the Certificate Template you want to assign to the particular slot.  You will need a separate Smart Card Certificate template for each PIV certificate key slot to be mapped.

Note: To learn more about how to create and customize certificate templates, see the Windows CA Section of the PIVKey knowledgebase

Windows Server 2008 R2 looks a bit different than Windows Server 20012 R2 and Windows Server 2016.

Windows Server 2008 R2:

To add the OID to the template in Windows Server 2008 R2, open the Server Manager on the Windows CA server, and open the relevant certificate template.

Select the "Extensions" tab. click on "Application Policies" and click "add" to add a new OID.

Windows Server 2012 R2 and Windows Server 2016:

To add the OID to the template in Windows Server 2012 R2 or Windows Server 2016, in the Server Manager, go to Tools, choose Certificate Authority.  Expand your server name, right click the Certificate Templates folder and choose Manage.  A new window opens with a list of templates will be in the middle pane.  (For screen shots of the previous process, see the articles about setting up certificate templates in the Windows CA section of the PIVKey knowledgebase

Right click the relevant certificate template and choose Properties.

ChooseTemplateProperties.png

Select the Extensions tab, then Application Policies, and Edit.

ApplicationPoliciesEdit.png

Select Add...

SelectAdd.png

Then New

ThenNew.png

Name_it.png

Give the new OID a name (we suggest you include the slot name in the title, as shown above in the example "PIVKey Mapped to Certificate for Authentication (9A)"). This application policy will show the name, but only on computers associated with the domain.

Assign one of the following OIDs (Object Identifiers)

PIV Certificate  OID
Certificate for Authentication (9A)     1.3.6.1.4.1.44986.2.1.1
Certificate for Digital Signature (9C)  1.3.6.1.4.1.44986.2.1.0
Certificate for Key Management (9D)    1.3.6.1.4.1.44986.2.1.2
Certificate for Card Authentication (9E)   1.3.6.1.4.1.44986.2.5.0
Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk