Re: what is the key usage in certicate enrollment service?

From: ong (on_g_at_sinatown.com)
Date: 06/28/03 

Date: Sat, 28 Jun 2003 11:55:51 -0700

Hi David,

Thank you for your reply. I have checked the RFC 2459, and
find the following imformation.

      KeyUsage ::= BIT STRING {
           digitalSignature (0),
           nonRepudiation (1),
           keyEncipherment (2),
           dataEncipherment (3),
           keyAgreement (4),
           keyCertSign (5),
           cRLSign (6),
           encipherOnly (7),
           decipherOnly (8) }

However, I still don't know what I should put in the OID
field if I only want to apply a specific usage certificate.
For example, if I only want to get a certicate which is
used to provide digital signature service, how can I
construct the OID value ?

Thank in advance

ong

>-----Original Message-----
>These are defined in RFC 3280 or 2459. Example: digital
signature,
>non-repudiation, etc
>
>--
>
>
>David B. Cross [MS]
>
>--
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>http://support.microsoft.com
>
>"ong" <on_g@sinatown.com> wrote in message
>news:147c01c33d35$54562a80$a101280a@phx.gbl...
>> Hi all,
>>
>> I have started the certificate service in the win2k
server
>> and using a client machine to use the certificate
>> enrollment service to get the certificate.
>>
>> After i choose the advance request option and i can
change
>> the certificate usage from the select box, however, if i
>> choose "other", then there is a text box popup and ask
for
>> the OID. I would like to ask where can i get information
>> about the OID value and key usage mapping ?
>>
>> Thank in advance
>>
>> ong
>
>
>.
>

Relevant Pages

  • Re: Recommendations about 2-tier PKI, OIDs and CAPolicy.inf file
    ... > we are a college and are going to introduce smart card logon for our ... which CA issued the certificate when checking for pending requests. ... do I have to register for an OID or is it enough to use MS ...
    (microsoft.public.win2000.security)
  • Re: Syncing 3 Freebsd servers accounts Question
    ... >>includes a chapter on how to migrate from NIS to LDAP. ... And you will need OID if you want to add your own extensions to ... clash with commonly distributed entries, it would be convenient to have ... S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt ...
    (freebsd-questions)
  • Re: How to have windows display proprietary OID and related text present in X509 V3 certificate ?
    ... If it is a CPS OID, yes you can add this OID using the certificate templates ... will that text be displayed when a human> relying party only double click on the certificate as it is the> case for the EKU statements?" ... > It seems that the answer to the "display" of the question is linked to> definition of the custom OID in a MS forest:> "If the computer is a member of the forest where the custom OID is ...
    (microsoft.public.security)
  • Re: Cant get ssl working
    ... OID is a string that specify the usage of the ceritifcate. ... certificate using wizard, you have no choice to select the OID. ... A server authentication certificate has the following OID: ...
    (microsoft.public.inetserver.iis.security)
  • Re: X.509: Security Token does not support Data Encryption
    ... This is certificate Usage problem. ... Signature and Exchange) when you request Certificate in W2K CA. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)