Re: Configure a CAPolicy.inf file

From: Anette Andresen (anette_andresen_at_hotmail.com)
Date: 09/26/03 

Date: Fri, 26 Sep 2003 09:30:24 +0200

Thanks! That did it :)

But I wonder what exactly the 2.5.29.15 stands for, and what AwIBBg== means?
Do you have some more in-depth information around what more I can configure
in a CAPolicy.inf file and how that is done?

Anette

"Laudon Williams [MSFT]" <laudonw@online.microsoft.com> wrote in message
news:OgeOeu6gDHA.884@TK2MSFTNGP12.phx.gbl...
> [basicconstraintsextension]
> pathlength = 13
> criticaL=True
>
> [Extensions]
> 2.5.29.15 = AwIBBg==
> Critical = 2.5.29.15
>
> This should do it.
>
> "Anette Andresen" <anette_andresen@hotmail.com> wrote in message
> news:u2nOEBegDHA.2576@TK2MSFTNGP11.phx.gbl...
> > I'm trying to install and configure a Windows Server 2003 Stand alone
root
> > CA.
> > I have configured most of the CAPolicy.inf file the way I want it using
> > examples from
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/sag_CS_Setup.asp
> >
> > But there is two things I would like to configure:
> >
> > 1. The path length constraint, and
> >
> > 2. The key usage field
> >
> > According to
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/deployguide/dssch_pki_mglu.asp
> > is it possible to configure the path length constraint using a
> CAPolicy.inf
> > file, but how is this exactly done? What should I write in my
CAPolicy.inf
> > file?
> >
> > And according to an earlier posting (from Michael Branco dated
2003-08-20)
> > concerning "Customizing the Root Certificate" the answer there was that
> > changing the key usage was possible with the use of a CAPolicy.inf file
> and
> > a link to a best practice document was given
> >
>
(http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/ope
> > rate/ws3pkibp.asp)
> > But I can't find out how this is done, and again what should I write in
my
> > CAPolicy.inf file if I in example just want the key usage to be
> certificate
> > signing and CRL signing?
> >
> > Regards,
> > Anette Andresen
> >
> >
>
>

Relevant Pages

  • Re: Configure a CAPolicy.inf file
    ... representation of the keyUsage bits you want set. ... what AwIBBg== means? ... The key usage field ... >>> signing and CRL signing? ...
    (microsoft.public.windows.server.security)
  • Re: PKI - CA setup key usage problem
    ... Use http://support.microsoft.com/kb/888180 It explains how the Key Usage options are built ... For the AKI, I would recommend leaving the default of the thumbprint of the issuing CA certificate rather than the serial number and issuer combination, as it causes it is better for building certificate chains in environments where certificate renewals have taken place IMHO. ... Signature, Certificate Signing, Off-line CRL Signing, CRL Signing ". ... certutil -setreg policy\EditFlags +EDITF_ENABLEAKIISSUERSERIAL ...
    (microsoft.public.windows.server.security)
  • Re: Win2003 PKI : Subordinate CA certificate parameter
    ... I want the key usage on a subordinate ca ... defined only for Certificate Signing, Off-line CRL Signing, CRL Signing ... so there is no CAPolicy.inf on the wannabe subordinate CA. ...
    (microsoft.public.windows.server.security)
  • PKI - CA setup key usage problem
    ... I am now setting up standalone Certificate Authority ... Signature, Certificate Signing, Off-line CRL Signing, CRL Signing ". ... For some reasons, I want to change the key usage to "Digital Signature, ...
    (microsoft.public.windows.server.security)
  • PKI - CA setup key usage problem
    ... I am now setting up standalone Certificate Authority ... Signature, Certificate Signing, Off-line CRL Signing, CRL Signing ". ... For some reasons, I want to change the key usage to "Digital Signature, ...
    (microsoft.public.security)