Wednesday, 9 January 2013 13:54
I need to create certificates with a custom OID. The only way I found is to modify the certificate template (User) and to add it to the Application Policies as explained here:
On the Extensions tab, click Application Policies, and then click Edit.
In the Edit Application Policies Extension dialog box, click Add.
In Add Application Policy, ensure that the application you are creating does not exist, and then click New.
In the New Application Policy dialog box, provide the name for the new application policy, note the generated object identifier, and then click OK.
In this way my OID will be under X509v3 Extended Key Usage.
Is it possible to create this OID under the x509v3 extensions directly (not as a child of Extended Key Usage) in the form of a key value pair? Ex: my_oid : my_custom_string
Wednesday, 9 January 2013 16:15
> Is it possible to create this OID under the x509v3 extensions directly (not as a child of Extended Key Usage) in the form of a key value pair? Ex: my_oid : my_custom_string
You can register your OID under either Application Policy or Issuance (Certificate) Policy. Each OID has to belong to a predefined scope: http://msdn.microsoft.com/en-us/library/aa381435(VS.85).aspx
In Active Directory you cannot register OID for other scopes than mentioned above (Application or Issuance Policy scope). Other OID groups can be registered only locally.
Thursday, 10 January 2013 14:31
Thanks for the reply,
is it possible to add a value for my OID under Application Policy? From the GUI it does not seem to be possible...
Thursday, 10 January 2013 16:29
You need to use the Certificate templates console (certtmpl.msc) and edit an existing V2 or V3 certificate template.
On the Extensions tab, you can add a New application policy OID. This is the only interface for adding OIDs.
Just remember to not leave the application policy OID as part of the template you used to access the interface.
Monday, 14 January 2013 02:26 Moderator
As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
18 hours 16 minutes ago
This worked perfectly for me. Thanks.
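The distinction the thread turns on is where an OID sits inside the certificate's extensions. As an added illustration (not written by any poster in this thread and not AD CS code), the Python below builds a small constructed X.509 Extensions block and reports where an OID appears: listed under Extended Key Usage it is a bare identifier with no value, while as its own extension it carries a DER-encoded value. The OID 1.3.6.1.4.1.99999.1.1 and the function names are made-up placeholders.

```python
# Added example: constructed DER, not taken from the thread or from AD CS.
EKU_OID = "2.5.29.37"                 # id-ce-extKeyUsage
CUSTOM_OID = "1.3.6.1.4.1.99999.1.1"  # constructed placeholder OID

def tlv(tag, body):
    assert len(body) < 128            # short-form DER lengths are enough for this sample
    return bytes([tag, len(body)]) + body

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:             # base-128, high bit set on all but the last byte
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def children(body):
    """Split concatenated short-form TLVs into (tag, content) pairs."""
    items, i = [], 0
    while i < len(body):
        length = body[i + 1]
        items.append((body[i], body[i + 2:i + 2 + length]))
        i += 2 + length
    return items

def ext(oid, value_der):              # Extension ::= SEQUENCE { extnID, extnValue OCTET STRING }
    return tlv(0x30, enc_oid(oid) + tlv(0x04, value_der))

# Constructed Extensions block: the same OID once as an EKU purpose, once as its own extension.
SAMPLE = tlv(0x30,
    ext(EKU_OID, tlv(0x30, enc_oid("1.3.6.1.5.5.7.3.2") + enc_oid(CUSTOM_OID)))
    + ext(CUSTOM_OID, tlv(0x0C, b"my_custom_string")))

def placement(extensions_der, wanted):
    want, eku, found = enc_oid(wanted)[2:], enc_oid(EKU_OID)[2:], []
    for _, ext_body in children(children(extensions_der)[0][1]):
        fields = children(ext_body)   # fields[-1] skips an optional critical BOOLEAN
        ext_id, value = fields[0][1], fields[-1][1]
        if ext_id == want:
            found.append(("extension", value))   # extnValue holds an arbitrary DER value
        elif ext_id == eku and want in [b for _, b in children(children(value)[0][1])]:
            found.append(("eku", None))          # bare OID in a list, no value slot
    return found
```

Calling `placement(SAMPLE, CUSTOM_OID)` returns both placements, with the UTF8String value present only for the standalone extension.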