any help with the tables?
hello,I have created some overview tables to publish on my website. Would somebody give it a look and may be correct any mistake or add anything else? I will give credit in that article (any form you ask) even just for confirmation.application and OS support for wildcard and SAN certificates:
Application
Supporting *
Supporting SAN
Internet Explorer 4.0 and older
no
no
Internet Explorer 5.0 and newer
yes
yes
Internet Explorer 7.0
yes
yes, if SAN present, Subject is ignored
Windows Pocket PC 3.0 a 4.0
no
no
Windows Mobile 5.0
no
yes
Windows Mobile 6.0 and newer
yes
yes
Outlook 2003 and newer
yes
yes
RDP/TS proxy
yes
yes, if SAN present, Subject is ignored
ISA Server firewall certificate
yes
yes
ISA Server 2000 a 2004 published server certificate
no
no
ISA Server 2006
yes
yes, uses only the first name in SAN
OCSP and delta CRL checking:
System
Checking OCSP
Delta CRL
Windows 2000 and older
no
ne
Windows XP
no
yes
Windows Vista and newer
yes, preffered
yes
Windows Pocket PC 4.0 and older
no
no
Windows Mobile 5.0
no
yes
Windows Mobile 6.0
no
yes
Windows Mobile 6.1 and newer
yes, preffered
yes
ISA Server 2006 and older
no
yes
TMG 2010 and newer
yes, preffered
yes
thank you.ondrej.
September 10th, 2009 10:37pm
Hi,
Although I know you meant native OCSP support, but I would mention other options how to achieve OCSP support in older OSes. There exists open source project http://pkif.sourceforge.net/pkifocsp.html sponsored by US Marines Corps Systems Command that brings OCSP support to XP/2003 systems and it's working fine for me:).
I would add also the application behaviour when the CDP is unreachable and I would split the tables, separate tables for OSes and separate tables for applications (ISA, TMG). Also I'm not sure if the OCSP support in ISA / TMG is not determined by underlying OS (e.g. ISA - 2003, TMG - 2008). Finally I would add server OSes (when you mention server apps).
Also you might be interested in this web sites http://www.digicert.com/subject-alternative-name-compatibility.htm that describes roughly SAN compatibility as well as compatibility for wildcard certificates.
Looking forward for the tables :).
Best regards
Martin
Free Windows Admin Tool Kit Click here and download it now
September 11th, 2009 10:37am
cool. thanks. I am going to process the things.what concerns the ISA/TMG, it has its own processing for these, as of my knowledge.ondrej.
September 11th, 2009 11:06am