Mapping Custom Object Identifiers to Friendly Names

Applies To: Windows Server 2003 with SP1

When a certificate is enrolled and that certificate carries a custom object identifier and the policy information, an enrolled certificate's purpose may display an object identifier instead of a friendly description.

This occurs because the template that is used for certificate enrollment cannot translate the object identifier into a friendly name. Because of this, custom object identifiers are mapped to friendly names through the object identifier (also known as OID) container in the Active Directory. The mapping must be done in the V2 template that will use the custom object identifier. To translate the object identifier into a friendly name:

  1. Open the Certificate Templates MMC.

    To do this, click Start, click Run, in the Open box, type certtmpl.msc, press ENTER, and then open any V2 template.

  2. Click the Extensions tab.

  3. Click the Application Policies extension.

  4. Click Edit, click Add, and then click New.

  5. Type both the friendly name and related object identifier number, and then click OK.