Re: Certificate extensions

From: SpirosA (SpirosA_at_discussions.microsoft.com)
Date: 11/12/04

  • Next message: Brian Komar: "Re: Certificate extensions" 
    Date: Fri, 12 Nov 2004 05:03:02 -0800

    For example you can see this certificate, which is from our root CA(solaris),
    to this url:

     http://www.ca.grnet.gr/documents/CPS.html

    Can i add information like :

    [1]Certificate Policy:
         Policy Identifier=1.3.6.1.4.1.16515.1.1.1.1
         [1,1]Policy Qualifier Info:
              Policy Qualifier Id=CPS
              Qualifier:
                   http://www.ca.grnet.gr/documents/CPS.html
         [1,2]Policy Qualifier Info:
              Policy Qualifier Id=User Notice
              Qualifier:
                   Notice Reference:
                        Organization=Greek Research and Technology Network
                        Notice Number=1
                   Notice Text=This certificate is subject to Greek laws and our
    CPS. This Certificate must only be used for academic, research or educational
    purposes

    "Brian Komar" wrote:

    > In article <01975FA6-0F51-41F4-8A81-D7B69261CE06@microsoft.com>,
    > SpirosA@discussions.microsoft.com says...
    > > Does anybody knows how to add an extension to a certificate template.I have
    > > installed a microsoft stand alone sub-CA (2003) and i want to put some
    > > information in text. For example i would like to add some information for the
    > > root CA .
    > >
    > What kind of information?
    > What extension?
    > Not enough details to really answer your question.
    > for a standalone CA, you can request almost anything in the certificate.
    > Check out certreq -? to see what must be placed in an INF file to
    > generate a certificate request with specific extensions. If using an
    > enterprise CA, the certtmpl.msc console will allow you to add *some*
    > extensions.
    >
    > What kind of information do you want for a root CA?? A Certificate
    > Practice Statement. Read help or the best practices white paper for
    > details in using CAPOlicy.inf to accomplish this.
    >
    > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/
    > operate/ws3pkibp.asp
    >
    >
    > Brian
    >

  • Next message: Brian Komar: "Re: Certificate extensions"

    Relevant Pages

    • Re: Certification Authority Certificate Template (own)
      ... I'm deploying an Enterprise Root Certification Authority using Win2K3 ... but the vanilla install issues a certificate ... template, ... If the template is not available, then a canned extension is used. ...
      (microsoft.public.windows.server.general)
    • Re: S/MIME encryption and automatic certificate selection
      ... extension to the CMS/PKCS #7 SignedData blob. ... CSP encryption capabilities and uses approprate strong key sizes. ... Note that certificate themselves can ALSO be issued with embedded SMimeCapabilities ... > call him Bob), the usual way is the following: ...
      (microsoft.public.platformsdk.security)
    • Re: certificate extension
      ... I have a problem in retaining the X509 extension in the end certificate which will be submitted to kdc. ... Subject Public Key Info: ... Signature Algorithm: sha1WithRSAEncryption ...
      (comp.protocols.kerberos)
    • MS CA and policy module with VB 6.0
      ... i'm doing research on this field and have created a test policy module (made ... specific extension and this works fine. ... certificate the certificate intended purpose shows (looking at the ...
      (microsoft.public.platformsdk.security)
    • certificate extension
      ... I have a problem in retaining the X509 extension in the end certificate which will be submitted to kdc. ... Subject Public Key Info: ... Signature Algorithm: sha1WithRSAEncryption ...
      (comp.protocols.kerberos)
    • Quantcast