Posted by Ioan Herisanu on June 11, 2006, 9:07 am
I am trying to use the following combination: an Enterprise root CA and the latest SCEP download. I am trying to extend the usage of the certificates by adding Client Authentication to the certificate purposes in a version 2 template I created. I modeled the template after the v1 IPSECIntermediateOffline template. I also deleted the IPSECIntermediateOffline template from the CA and put my new v2 template in its place (new template to issue). I also superseded the original v1 template with this new v2 one. To make sure it works, I gave the Everyone group all rights everywhere I saw fit. Of course, this is not a production system; I just lowered this thing as much as I could.

When I try to request certificates, I get an error in the CA saying that "The request was for a certificate template that is not supported by the Certificate Services policy: IPSECIntermediateOffline". Indeed, IPSECIntermediateOffline is not allowed to be issued, but I am using a template that should be used instead of it. I also looked into mscep.dll and saw that you are asking specifically for this template, IPSECIntermediateOffline.

So here are my questions:

1. Is what I am doing feasible?
2. If I use a standalone CA, the certificates that I get with this method have all intended purposes enabled. When I use an Enterprise root CA, they only have a specific purpose. Is there a way to change this or add some other OID? (I mean the 1.3.6.1.3.5.5.8.2.2 OID?) I see that certs obtained from a standalone root CA have e0 (Digital Signature, Non-repudiation, Key Encipherment) and those from an Enterprise root CA have a0 (Digital Signature, Key Encipherment).

As I have not found anything yet, I kindly ask you to point out where I am wrong.

Thank you for your time and patience.