Is it possible to choose the "Issued To" property for a Code Signing certificate signed by AD CS?


We have a corporate AD CS Certification Authority that we use to sign certificate requests for Code Signing certificates.

I am using the certreq.exe -new -q -config "<servername>\<ca-name>" request.inf request.csr command to generate the .csr that I later submit to the CA.

Finally, I retrieve the certificate using the certreq.exe -submit -q -config "<servername>\<ca-name>" -attrib "CertificateTemplate:CodeSigning2" request.csr response.cer cert.p7b response.ful command.

What happens is that the certificate's Issued To property is set to myself (Name + Surname), which I do not want, and which supposedly was inherited from my user being logged on to the CA web console for signing.

I would like it to show our Company Name, but I haven't found any way to explicitly specify it.

The reason behind this is that, apparently, when installing a ClickOnce-deployed application, users get a prompt displaying the Issued To name of the certificate, not its Subject or Friendly Name.


There are 1 best solutions below

ErkinD39
I have tested your CSR generating commands as follows:

request.inf contents in my test:

[newrequest]
subject = "CN = Company1, O = Company1 Corp, L = Place1, S = City1, C = TT"

Then, on the machine where I generated the CSR, I checked MMC - Certificate Manager - Current User - Certificate Enrollment Requests, double-clicked the request, and verified the subject of this request without problems.

CN = Company1
O = Company1 Corp
L = Place1
S = City1
C = TT

If you can see a similar enrollment request with the subject as required but the returned certificate is problematic, then the AD CS template you use (Codesigning2) should be investigated.
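
One way to carry out that investigation from PowerShell, as an added example that is not part of the original answer: it compares the subject in the request with the subject in the issued certificate, then reads the template's msPKI-Certificate-Name-Flag attribute from Active Directory. It assumes a domain-joined Windows machine with read access to the Configuration partition, the file names from the question, and that CodeSigning2 is the template's common name.

```powershell
# Added example: compare requested vs. issued subject and inspect the template.
# Assumptions: file names and template name are the ones used in the question.
$csrPath      = 'request.csr'
$cerPath      = 'response.cer'
$templateName = 'CodeSigning2'   # template CN, as passed in -attrib "CertificateTemplate:..."

# 1. Subject the client asked for: decode the PKCS#10 request with the CertEnroll COM API.
$XCN_CRYPT_STRING_BASE64_ANY = 0x6
$req = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$req.InitializeDecode((Get-Content -Raw -Path $csrPath), $XCN_CRYPT_STRING_BASE64_ANY)
$requested = $req.Subject.Name

# 2. Subject the CA actually put into the certificate ("Issued To" shows its CN).
$fullPath = (Resolve-Path $cerPath).Path
$cert     = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $fullPath
$issued   = $cert.Subject

# Rough comparison: ignore whitespace and case differences between the two renderings.
$normalize = { param($dn) ($dn -replace '\s', '').ToLowerInvariant() }
$sameName  = (& $normalize $requested) -eq (& $normalize $issued)

# 3. Template setting: bit 0x1 of msPKI-Certificate-Name-Flag is
#    CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT ("Supply in the request" on the Subject Name tab).
#    When it is clear, the CA builds the subject from the requester's AD account
#    and the subject in the CSR is not used.
$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$tplPath  = "LDAP://CN=$templateName,CN=Certificate Templates," +
            "CN=Public Key Services,CN=Services,$configNC"
$tpl      = [ADSI]$tplPath
$nameFlag = [int]$tpl.Properties['msPKI-Certificate-Name-Flag'].Value
$supplied = ($nameFlag -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0

[pscustomobject]@{
    RequestedSubject        = $requested
    IssuedSubject           = $issued
    SubjectsMatch           = $sameName
    TemplateNameFlag        = '0x{0:X8}' -f $nameFlag
    EnrolleeSuppliesSubject = $supplied
}
```

If EnrolleeSuppliesSubject is False, the template is set to build the subject from Active Directory. Should the template be changed to accept the subject from the request, keep Enroll permission on it limited to the accounts that sign releases and consider requiring CA certificate manager approval, because any enrollee can then request an arbitrary subject name.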