Small error in "Best Practices for Implementing a MS W2003 PKI"

From: Guillaume (Guillaume_at_discussions.microsoft.com)
Date: 06/30/05


Date: Thu, 30 Jun 2005 06:31:05 -0700

Hi everyone,

Don't know exactly where to post this information, but I thought it would
better to report it. If it really is an error... Otherwise please feel free
to correct me!

In the document "Best practices for implementing a Microsoft Windows Server
2003 PKI" at
"http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx?pf=true"
In the AIA Publishing properties section, the table that gives the values
seems to be wrong. From the tests I've done, it should read:
- Include in the AIA extension of issued certificates = 2 (instead of 1)
- Include in the online certificate status protocol (OCSP) extension = 32
(instead of 2)
By the way, the right values are used in the sample scripts that follow for
configuring the CAs. That's when I modified the scripts for my own
configuration and wanted to check the values that I found this.

Not much, but it can always help!

Guillaume.