CAPolicy.inf or Not
Hi There,
I’m working on implementing two tier PKI and was wondering
If I need to use the CAPolicy.inf.
In the Microsoft book they are using it but on Technet documentation they are not using it.
Can someone please recommend me which method to use?
The deployment will have 1 X offline standard CA and two issuing Enterprise CA running windows 2008 Servers.
Thanks,
SimonMCSA, MCSE, MCITP:SA, MCITP:EA, MCTS:Exchange Server 2010 Config, CCNA
January 11th, 2011 9:43pm
If you wish to define:
- Renewal key length for any CA
- Renewal validity period for any CA
- Initial AIA and CDP paths for a root CA
- Key Usage criticality and settings for any CA
- Whether to install default certificate templates on an enterprise CA
You must implement a capolicy.inf
I have never deployed a CA *without* using a capolicy.inf
HTH,
Brian
Free Windows Admin Tool Kit Click here and download it now
January 12th, 2011 8:30am
Forgot the most important one, if you want to declare certificate policies and their related attributes (OID/URL), you must use a capolicy.inf
Brian
January 12th, 2011 8:41am
Thanks Brian, I'm reading your book "Windows Server 2008 PKI and Certificate Security" and you have done a great job with it.
Thanks,
Simon
MCSA, MCSE, MCITP:SA, MCITP:EA, MCTS:Exchange Server 2010 Config, CCNA
Free Windows Admin Tool Kit Click here and download it now
January 12th, 2011 5:59pm