Posted by NothingtoSay? on July 12, 2005, 11:26 pm
Hi all,
The situation is this:
2003 member servers, pre-SP1
offline root CA
enterprise issuing CA in my domain x.y.net
I've used capolicy.inf to modify the offline root CA settings as follows:
================================
[Version]
Signature= "$Windows NT$"
[CAPolicy]
Policies=LegalPolicy
[LegalPolicy]
OID=1.1.1.1.1.1.1.1.1
URL="http://mycompany/capolicy.htm"
Notice = "LEgal text"
[CRLDistributionPoint]
URL = ""
[AuthorityInformationAccess]
URL = ""
================================
The main reason for this (I know it's not a valid OID) was to remove the need to
check the root CA CRL and to add a legal notice.
I want to publish the offline root CA cert into my company AD but am unsure
if I can do this if the AIA setting doesn't show a valid LDAP path (i.e. to a
point within my AD)?
Where I also get confused is: do I have to set the AIA to point to my AD
domain in capolicy.inf, or can I do this by modifying the Extensions tab
of the CA once it's installed (if it's actually required at all)?
The command I would use for publishing the cert into AD was
certutil.exe -dspublish
Additionally, what is the feeling about removing the root CRL entry as I've
done in capolicy.inf?
Many thanks
Jonathan