troubleshooting Question

Help with PKI

Avatar of Eric Hummel
Eric Hummel asked on
SecurityActive Directory
1 Comment1 Solution65 ViewsLast Modified:
My questions are about PKI. I have been trying to setup a PKI and now have one setup in a lab. At that time, I did not use a CAPolicy.INF file and everything seems ok.  I just registered and received my PEN number from IANA and it looks like i am supposed to put this in the Policy file before setting up my Subordinate CA. That is fine, as i plan to rebuild one more time in the lab. It looks like I am supposed to enter the PEN/OID number in the form of 1.3.6.1.4.1.MY PEN. then an object identifier for the cert template i want to use.  For example, if i used
1.3.6.1.4.1.MY PEN.2.5.29.32.0  It would cover ALL Cert Templates and i'd only need the one policy?  since my PKI seems to work without even building a custom CAPolicy.inf, i'm not sure why one would benefit me. It seems like it would be less administrative overhead to not even have it.  Also, if I DO need to use my PEN/OID, should I make a policy for any Cert Template i think I may need in the future?
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 1 Comment.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 1 Comment.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros