Hi Guys,I amtrying to create a qualified subordinate CA to limit it to issuance of certificates with only Client Authentication, Server Authentication and Secure Email application policies. For the purpose I created a CAPolicy.inf file and placed it in C:\Windows before installing the Certificate Services on it. The installation went fine, but my requirements are not getting applied to the CA certificate, instead I still see that it is valid for All Application Policies. Contents of the CAPolicy.inf file can be seen at the end of this post. Please let me know if I am missing something. [Version] Signature="$Windows NT$" [ApplicationPolicyStatementExtension] Policies = AppEmailPolicy, AppSrvAuthPolicy, AppClAuthPolicy CRITICAL = FALSE [AppEmailPolicy] OID = 1.3.6.1.5.5.7.3.4 ; Secure Email [AppSrvAuthPolicy] OID = 1.3.6.1.5.5.7.3.1 ; Server Authentication [AppClAuthPolicy] OID = 1.3.6.1.5.5.7.3.2 ; Client Authentication Regards,wakh

No one is aware of it?