How to set IssuerName & SerialNumber in AKI

From: Patrick Tronnier (
Date: 02/17/05

Date: Thu, 17 Feb 2005 12:43:05 -0800

We have a Windows2003 box which is currently issuing certificates with an
Authority Key Identifier extension with a KeyID only (i.e. KeyID=ed 2a 47 a4
e9 09 5a ec 9e 51 1a 81 04 58 78 87 61 3f 94 fc).

How do we add the IsserName and IssuerSerial number to the AKI field?

Note: the certutil "-setreg policy\EditFlags +EDITF_ENABLEAKIISSUERSERIAL"
"certutil -setreg policy\EditFlags +EDITF_ENABLEAKIISSUERNAME" fail to add
these fields to the issued certificates.

Thank you.