My questions are about PKI. I have been trying to setup a PKI and now have one setup in a lab. At that time, I did not use a CAPolicy.INF file and everything seems ok. I just registered and received my PEN number from IANA and it looks like i am supposed to put this in the Policy file before setting up my Subordinate CA. That is fine, as i plan to rebuild one more time in the lab. It looks like I am supposed to enter the PEN/OID number in the form of 1.3.6.1.4.1.MY PEN. then an object identifier for the cert template i want to use. For example, if i used
1.3.6.1.4.1.MY PEN.2.5.29.32.0 It would cover ALL Cert Templates and i'd only need the one policy? since my PKI seems to work without even building a custom CAPolicy.inf, i'm not sure why one would benefit me. It seems like it would be less administrative overhead to not even have it. Also, if I DO need to use my PEN/OID, should I make a policy for any Cert Template i think I may need in the future?
1.3.6.1.4.1.MY PEN.2.5.29.32.0 It would cover ALL Cert Templates and i'd only need the one policy? since my PKI seems to work without even building a custom CAPolicy.inf, i'm not sure why one would benefit me. It seems like it would be less administrative overhead to not even have it. Also, if I DO need to use my PEN/OID, should I make a policy for any Cert Template i think I may need in the future?
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 1 Comment.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.