My questions are about PKI. I have been trying to set up a PKI and now have one set up in a lab. At that time, I did not use a CAPolicy.INF file and everything seems OK. I just registered and received my PEN number from IANA, and it looks like I am supposed to put this in the Policy file before setting up my Subordinate CA. That is fine, as I plan to rebuild one more time in the lab. It looks like I am supposed to enter the PEN/OID number in the form of 1.3.6.1.4.1.MY PEN, then an object identifier for the cert template I want to use. For example, if I used 1.3.6.1.4.1.MY PEN.2.5.29.32.0, it would cover ALL cert templates and I'd only need the one policy? Since my PKI seems to work without even building a custom CAPolicy.inf, I'm not sure why one would benefit me. It seems like it would be less administrative overhead to not even have it. Also, if I DO need to use my PEN/OID, should I make a policy for any cert template I think I may need in the future?