My company is looking to deploy an application that will require a large number of certificates. We’re leaning towards using our own servers as a CA. I’ve been reading up on PKI and was looking for a few questions to be answered.
If we’re going to be deploying client and server certificates using our own CA, do I need to register with any organizations? I will be deploying the root certificate on our client hosts so they trust the CAs but is there anything else I’d need to do? I’ve heard of something called an OID. This statement came out of a Microsoft PKI book
“Where Do I Get an OID? An OID is a unique sequence of numbers that identifies a specific directory object or attribute. You can define an OID for a CPS as either a public OID or a private OID. If your organization plans to use PKI-enabled applications in conjunction with other organizations, you must obtain an OID from a public number-assignment company to ensure that your OID will be unique on the Internet. Sources for public OIDs include: The Internet Assigned Numbers Authority (IANA). This source issues free OIDs under the Private Enterprises arc. Every OID assigned by the IANA begins with the numbers 126.96.36.199.4.1, which represent iso(1).org(3).dod(6).internet(1).private(4).enterprise(1).
Komar, Brian (2010-03-23). Windows Server® 2008 PKI and Certificate Security (Pro Other) (p. 104). Microsoft Press. Kindle Edition.”
I’m not sure if we’ll need to do this or not?