How can I get an OID for a certificate template?

I'm using C# (or VBScript) to issue a certificate from an Enterprise CA. According to this answer, I need to specify the OID instead of the certificate name, and place it in an unexpected portion of code. (IMHO I should place it where the null string is) I'm looking at certificate manager, templates, et.al, and can't locate the OID I should be using. Have any suggestions?

asked Jul 3, 2014 at 21:41 makerofthings7 makerofthings7 8,983 35 35 gold badges 125 125 silver badges 201 201 bronze badges

3 Answers 3

Certificate Templates are stored in the Configuration partition of Active Directory.

For instance, if your Certificate Template is named "Smartcard," then its DN would be:

CN=Smartcard,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com 

The msPKI-Cert-Template-OID attribute of that object contains the OID you seek.

Edit: Here's some Powershell:

PS C:\Users\Ryan> Get-ADObject 'CN=Smartcard,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com' -Properties msPKI-Cert-Template-OID DistinguishedName : CN=Smartcard,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com msPKI-Cert-Template-OID : 1.3.6.1.4.1.311.21.8.13882702.11110958.1330334.1890290.2281445.541.2.14 Name : Smartcard ObjectClass : pKICertificateTemplate ObjectGUID : 1cd4698d-56fe-4d4b-8005-f89a76d24ae1