Key Usage attribute for encryption and decryption does not contain the required values.
Hi All, I am creating certificates for AS2 communication with the client. The "Key Usage" attributes need to contain Key Encipherment, Data Encipherment (f0) for encryption and decrytion but the certifcates which I am creating they do not contain these values. Can some one help me out on this. Correct Attribute Value for "Key Usage". Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment (f0) Attribute Value with which the current certs are created. Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86) Vishnu
June 3rd, 2010 5:21pm

Not sure what you are trying to do as the attribute value you show for current certs is a CA certificate, not a certificate *issued by* the CA. You will have to work with the certificate templates console (after correctly installing a CA or CA hierarchy) and configure key usage as required Brian
Free Windows Admin Tool Kit Click here and download it now
June 3rd, 2010 8:29pm

Hi Brian. Thanks for your reply. I need to make secure communication using BizTalk for EDI messaging over AS2. I am having certificate issues. I need to issue a certificate and share that with my partner who will be used for signing and encrypting the message to be sent to me. Below are my questions. Please help me on this. 1- When I am installing the CA, Install Enterprise Root CA is grayed out as I am not the admin in the Active Directory. If I am installing CA using Standalone Root CA or subordinate CA, will this CA will be good enough for self signed certificate generation. 2- What difference the checking of "Use custom settings to generate the key pair and CA certificate" option will make at the cert authority install. 3- When I generate or issue a certificate which certificate template is applied. I see multiple cert templates available in the store and correcsponding to CA. If I modify a certificate template how can I make sure that next issued certificate will issue certificate as per the newly created or modified template. 4- I am not able export .pfx, I am using Windows Server 2003. How can I control this. Can I control this at the time of installation. Regards,Vishnu
June 4th, 2010 10:05am

Hi Brian, Here are some of my thoughts against these question. Please add or correct me on these. 1 and 3- Enterprise Root CA will allow me to apply the certificate template while templates may not be used when you install CA using Stand-alone root CA. To install the CA using Enetrprise Root CA the user needs to be part of Enetrprise Admin Group. 4- By modifying Certificate Template, we can make the private ket exportable in Windows Server 2003. Regards, Vishnu
Free Windows Admin Tool Kit Click here and download it now
June 4th, 2010 2:31pm

Hi, Regarding your questions: 1 and 3- Enterprise Root CA will allow me to apply the certificate template while templates may not be used when you install CA using Stand-alone root CA. To install the CA using Enetrprise Root CA the user needs to be part of Enetrprise Admin Group. Yes, certificate templates will not be used if you are using a Standalone CA. To install an Enterprise root CA, you must be logged on with an account which is a member of the Enterprise Admins group and the root domain's Domain Admins group. Building an Enterprise Root Certification Authority in Small and Medium Businesses http://technet.microsoft.com/en-us/library/cc700804.aspx 4- By modifying Certificate Template, we can make the private ket exportable in Windows Server 2003. A private key is exportable only when it is specified in the certificate request or certificate template that was used to create the certificate. You can export a private key from a template that was created without export permission in Windows Server 2003 http://support.microsoft.com/kb/924033 Certificate Template Overview http://technet.microsoft.com/en-us/library/cc787721(WS.10).aspx This posting is provided "AS IS" with no warranties, and confers no rights.
June 9th, 2010 8:26am

Hi All, Can anyone provide the inputs for this question ? Thanks and Regards, Mahesh R. Kulkarni
Free Windows Admin Tool Kit Click here and download it now
March 10th, 2011 5:56am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics