Eric Hummel

Help with PKI

My questions are about PKI. I have been trying to set up a PKI and now have one set up in a lab. At that time, I did not use a CAPolicy.INF file and everything seems OK. I just registered and received my PEN number from IANA and it looks like I am supposed to put this in the Policy file before setting up my Subordinate CA. That is fine, as I plan to rebuild one more time in the lab. It looks like I am supposed to enter the PEN/OID number in the form of PEN. then an object identifier for the cert template I want to use. For example, if I used PEN. It would cover ALL Cert Templates and I'd only need the one policy? Since my PKI seems to work without even building a custom CAPolicy.inf, I'm not sure why one would benefit me. It seems like it would be less administrative overhead to not even have it. Also, if I DO need to use my PEN/OID, should I make a policy for any Cert Template I think I may need in the future?
Active Directory, Security

8/22/2022 - Mon