Help with PKI

My questions are about PKI. I have been trying to set up a PKI and now have one set up in a lab. At that time, I did not use a CAPolicy.INF file and everything seems OK. I just registered and received my PEN number from IANA and it looks like I am supposed to put this in the Policy file before setting up my Subordinate CA. That is fine, as I plan to rebuild one more time in the lab. It looks like I am supposed to enter the PEN/OID number in the form of 1.3.6.1.4.1.MY PEN, then an object identifier for the cert template I want to use. For example, if I used 1.3.6.1.4.1.MY PEN.2.5.29.32.0, it would cover ALL Cert Templates and I'd only need the one policy? Since my PKI seems to work without even building a custom CAPolicy.inf, I'm not sure why one would benefit me. It seems like it would be less administrative overhead to not even have it. Also, if I DO need to use my PEN/OID, should I make a policy for any Cert Template I think I may need in the future?
Eric Hummel asked:
Mahesh (Architect) commented:
Only if you want to customize the CA installation do you need CAPolicy.inf.
Otherwise, with the default setup, the CA can be installed without any issues.
An AD-integrated CA has all templates stored in Active Directory anyway.

If you want to publish a custom CPS (Certificate Policy Statement), then you may use CAPolicy.inf.
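
As an added illustration (not part of the answer above and not any poster's own file), a CAPolicy.inf that publishes a policy statement could look like the following. `<PEN>`, the `.1.1` arc beneath it, the section name `InternalPolicy`, the notice text and the URL are placeholders or assumptions.

```ini
; CAPolicy.inf - constructed example. It is read from %SystemRoot%
; when the CA role is installed or the CA certificate is renewed.
[Version]
Signature="$Windows NT$"

[PolicyStatementExtension]
; Each name listed here refers to a section below.
Policies=InternalPolicy

[InternalPolicy]
; <PEN> stands for your IANA Private Enterprise Number.
; The .1.1 arc under it is an assumed internal numbering scheme.
OID=1.3.6.1.4.1.<PEN>.1.1
Notice="Issued under the organization's certificate policy."
URL=http://pki.example.com/cps.html

; Alternative for a subordinate CA that should accept any issuance
; policy: point Policies= at this section instead.
; 2.5.29.32.0 is the standard anyPolicy OID and is used as-is,
; not appended to the enterprise arc.
[AllIssuancePolicy]
OID=2.5.29.32.0
```

The policy statement lands in the CA's own certificate, so the file has to be in place before the CA is installed or its certificate is renewed.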
