Re: Configure a CAPolicy.inf file
From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 09/27/03
- Next message: Herb Martin: "Re: IP Sec"
- Previous message: S. Pidgorny
: "Re: I blocked ports 135, 137, 445 on my router still I see unfamiliar addreses on my network" - In reply to: Anette Andresen: "Re: Configure a CAPolicy.inf file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 27 Sep 2003 07:57:48 -0700
To answer your question - the value is the OID value as per the standard and
the data is the HEX representation of the ASN.1 encoded data.
The best references we have are in these two papers:
Best Practices:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/ws3pkibp.asp
Qualified sub -
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/plan/ws03qswp.asp
-- David B. Cross [MS] -- This posting is provided "AS IS" with no warranties, and confers no rights. http://support.microsoft.com "Anette Andresen" <anette_andresen@hotmail.com> wrote in message news:eLVqhAAhDHA.3636@tk2msftngp13.phx.gbl... > Thanks! That did it :) > > But I wonder what exactly the 2.5.29.15 stands for, and what AwIBBg== means? > Do you have some more in-depth information around what more I can configure > in a CAPolicy.inf file and how that is done? > > Anette > > "Laudon Williams [MSFT]" <laudonw@online.microsoft.com> wrote in message > news:OgeOeu6gDHA.884@TK2MSFTNGP12.phx.gbl... > > [basicconstraintsextension] > > pathlength = 13 > > criticaL=True > > > > [Extensions] > > 2.5.29.15 = AwIBBg== > > Critical = 2.5.29.15 > > > > This should do it. > > > > "Anette Andresen" <anette_andresen@hotmail.com> wrote in message > > news:u2nOEBegDHA.2576@TK2MSFTNGP11.phx.gbl... > > > I'm trying to install and configure a Windows Server 2003 Stand alone > root > > > CA. > > > I have configured most of the CAPolicy.inf file the way I want it using > > > examples from > > > > > > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/sag_CS_Setup.asp > > > > > > But there is two things I would like to configure: > > > > > > 1. The path length constraint, and > > > > > > 2. The key usage field > > > > > > According to > > > > > > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/deployguide/dssch_pki_mglu.asp > > > is it possible to configure the path length constraint using a > > CAPolicy.inf > > > file, but how is this exactly done? What should I write in my > CAPolicy.inf > > > file? > > > > > > And according to an earlier posting (from Michael Branco dated > 2003-08-20) > > > concerning "Customizing the Root Certificate" the answer there was that > > > changing the key usage was possible with the use of a CAPolicy.inf file > > and > > > a link to a best practice document was given > > > > > > (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/ope > > > rate/ws3pkibp.asp) > > > But I can't find out how this is done, and again what should I write in > my > > > CAPolicy.inf file if I in example just want the key usage to be > > certificate > > > signing and CRL signing? > > > > > > Regards, > > > Anette Andresen > > > > > > > > > > > >
- Next message: Herb Martin: "Re: IP Sec"
- Previous message: S. Pidgorny
: "Re: I blocked ports 135, 137, 445 on my router still I see unfamiliar addreses on my network" - In reply to: Anette Andresen: "Re: Configure a CAPolicy.inf file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
