CPS

How can I add "Issuer Statement" to user certificates?

March 22nd, 2015 3:18pm

When you build your PKI, you must do the following to activate the Issuer Statement button in a user certificate.

**Assuming a two-tiered CA hierarchy**

1) In the issuing CA certificate, you must define all issuance policy OIDs in the CAPolicy.inf file *before* you build the issuing CA. This is done by adding the following lines (changing out xxxx for your organization's assigned number from the IANA):

```
[PolicyStatementExtension]
Policies=Basic,Medium,High
Critical=FALSE

[Basic]
OID=1.3.6.1.4.1.xxxx.509.1.1.2
[Medium]
OID=1.3.6.1.4.1.xxxx.509.1.1.3
[High]
OID=1.3.6.1.4.1.xxxx.509.1.1.4
```

2) Define the three OIDs in Active Directory (using the certtmpl.msc console) as Issuance policy OIDs. Be sure to implement a functional URL in the definition (this is what will pop up when the user clicks Issuer Statement).

3) In the custom user certificate template, include one of the OIDs as an issuance policy OID.

Then it will work.

March 22nd, 2015 4:57pm
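Because step 1 of the answer above has to be right before the issuing CA is built, a pre-flight check of the CAPolicy.inf policy sections can catch a leftover placeholder or a missing section. The following is an added example, not part of the original post: `check_capolicy` is a hypothetical helper, the sample text is constructed from the lines in the answer, and it checks syntax only (it does not verify that the OIDs are registered in Active Directory).

```python
import configparser
import re

# Constructed sample: the answer's CAPolicy.inf lines with the xxxx placeholder left in.
SAMPLE = """\
[Version]
Signature="$Windows NT$"
[PolicyStatementExtension]
Policies=Basic,Medium,High
Critical=FALSE
[Basic]
OID=1.3.6.1.4.1.xxxx.509.1.1.2
[Medium]
OID=1.3.6.1.4.1.xxxx.509.1.1.3
[High]
OID=1.3.6.1.4.1.xxxx.509.1.1.4
"""

OID_RE = re.compile(r"^[0-2](\.(0|[1-9]\d*))+$")

def check_capolicy(text):
    """Return a list of problems found in the issuance-policy part of a CAPolicy.inf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    # INF section names are case-insensitive; configparser's are not.
    sections = {name.lower(): cp[name] for name in cp.sections()}
    ext = sections.get("policystatementextension")
    if ext is None:
        return ["no [PolicyStatementExtension] section"]
    problems, seen = [], {}
    names = [n.strip() for n in ext.get("Policies", "").split(",") if n.strip()]
    if not names:
        problems.append("Policies= lists no policy sections")
    for name in names:
        sec = sections.get(name.lower())
        if sec is None:
            problems.append(f"[{name}] is listed in Policies= but has no section")
            continue
        oid = sec.get("OID", "").strip()
        if not OID_RE.match(oid):
            problems.append(f"[{name}] OID is not a dotted-decimal OID: {oid!r}")
        elif oid in seen:
            problems.append(f"[{name}] reuses the OID of [{seen[oid]}]")
        else:
            seen[oid] = name
    return problems

if __name__ == "__main__":
    print(check_capolicy(SAMPLE) or "ok")
```

Run against the sample, it reports all three OIDs because `xxxx` is still in place; an empty list means the policy sections are consistent.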

Thanks

A clarification for 2:

certtmpl.msc is for editing templates, and you mention I have to define it in AD. How do I define it?

March 23rd, 2015 2:40am

This topic is archived. No further replies will be accepted.
