ADCS Installation (Part 6): How to find out ADCS OID number plus Certificate Templates
Hello Again, As you know, I have used a public OID number for my company from IANA. http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/4256a27f-29ee-42a1-b687-ad3c21e04c0c ;**************************************************************** : full details in the above link [Version] Signature= "$Windows NT$" [PolicyStatementExtension] Policies = LegalPolicy Critical = 0 [LegalPolicy] OID=1.3.6.1.4.1.My_PEN.21.43 Notice = “Legal policy statement text.” URL = “http://www.MyCompany.com/certdata/cps.asp” ... ;**************************************************************** My OID number is 1.3.6.1.4.1.My_PEN.21.43. There is nothing on the offline root CA server (no any certificate templates) via the Certificate Templates console (certtmpl.msc) . I have enabled the default certificate templates via the Certification Authority tool. I run the Certificate Templates console on my issuing CA server. The console opens up with one of domain controller servers. If I right click on it and select View Object Identfiers, I couldn't find any OID numbers which contains "1.3.6.1.4.1.My_PEN.21.43". I have used an account with Enterprise Admins and Domain Admins privileges to install and configure my ADCS on the issuing CA server. Where can I verify my OID? There are many certificate templates on the domain controller server. I have enabled only the following templates: Administrator Basic EFS Computer Directory Email Replication Domain Controller Domain Controller Authentication EFS Recovery Agent Subordinate Certification Authority User Web Server The Certificate Templates console contains total 35 templates - only two of them were created manually by me and the rest of them were created automatically by previous CA installations. They are: Authenticated Session,CA Exchange,CEP Encryption,Code Signing,Cross Certification Authority, ... I thought that my current installation should replace or upgrade them to Windows Server 2008 R2 level. What should I do on those tempaltes? Thanks, SJJ123
January 27th, 2010 5:38pm
Leave them as is.The default templates inlcude V1, V2, and V3 certificate templatesThey are not upgraded to V3 (Windows Server 2008) templatesBrian
Free Windows Admin Tool Kit Click here and download it now
January 27th, 2010 10:34pm