Certificate Template: create Custom OID

  • Wednesday, January 9, 2013 13:54
     
     

    Hi,

    I need to create certificates with a Custom OID. The only way I found is to modify the certificate template (User) and to add it to the Application Policies as explained here:

    1. On the Extensions tab, click Application Policies, and then click Edit.

    2. In the Edit Application Policies Extension dialog box, click Add.

    3. In Add Application Policy, ensure that the application you are creating does not exist, and then click New.

    4. In the New Application Policy dialog box, provide the name for the new application policy, note the generated object identifier, and then click OK.

    In this way my OID will be under X509v3 Extended Key Usage.

    Is it possible to create this OID under the x509v3 extensions directly (not as a child of Extended Key Usage) in the form of a key value pair? Ex: my_oid : my_custom_string

    Regards, Antonio


All replies

  • Wednesday, January 9, 2013 16:15
     
     Answered

    > Is it possible to create this OID under the x509v3 extensions directly (not as a child of Extended Key Usage) in the form of a key value pair? Ex: my_oid : my_custom_string

    You can register your OID under either Application Policy or Issuance (Certificate) Policy. Each OID has to belong to a predefined scope: http://msdn.microsoft.com/en-us/library/aa381435(VS.85).aspx

    In Active Directory you cannot register an OID for scopes other than those mentioned above (Application or Issuance Policy scope). Other OID groups can be registered only locally.


    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    Check out new: PowerShell FCIV tool.
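
The two layouts the question contrasts, as an added example that is not part of any post in this thread: an application policy OID ends up as one entry inside the Extended Key Usage extension, while the "my_oid : my_custom_string" form would be a separate extension whose extnID is the OID itself. `MY_OID` is a constructed placeholder, the helper names are hypothetical, and the UTF8String value type is an assumption.

```python
# Added illustration: DER layout of an EKU entry vs. a standalone extension.
MY_OID = "1.3.6.1.4.1.99999.1"   # constructed placeholder OID, not from the thread
EKU_OID = "2.5.29.37"            # id-ce-extKeyUsage (RFC 5280)

def tlv(tag, content):
    """DER tag-length-value, short or long form length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def der_oid(dotted):
    """Encode a dotted OID: first two arcs packed as 40*a+b, all arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def extension(extn_id, inner_der):
    """Extension ::= SEQUENCE { extnID OID, extnValue OCTET STRING } (non-critical)."""
    return tlv(0x30, der_oid(extn_id) + tlv(0x04, inner_der))

def eku_extension(purposes):
    """Application policy case: the OID is a value in the EKU purpose list."""
    return extension(EKU_OID, tlv(0x30, b"".join(der_oid(p) for p in purposes)))

def custom_extension(oid, text):
    """Key/value case: the OID is the extnID, the string is the extnValue."""
    return extension(oid, tlv(0x0C, text.encode("utf-8")))

if __name__ == "__main__":
    print("EKU   :", eku_extension([MY_OID]).hex())
    print("custom:", custom_extension(MY_OID, "my_custom_string").hex())
```

In the first output the placeholder OID sits inside the value of extension 2.5.29.37; in the second it is the extension identifier and the string is its value.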

  • Thursday, January 10, 2013 14:31
     
     

    Thanks for the reply,

    is it possible to add a value for my OID under Application Policy? From the GUI it does not seem to be possible...

  • Thursday, January 10, 2013 16:29
     
     Answered

    You need to use the Certificate templates console (certtmpl.msc) and edit an existing V2 or V3 certificate template.

    On the Extensions tab, you can add a New application policy OID. This is the only interface for adding OIDs.

    Just remember to not leave the application policy OID as part of the template you used to access the interface.

    Brian

  • Monday, January 14, 2013 02:26
    Moderator
     
     

    Hi Antonio,

    As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Best Regards

    Kevin

    TechNet Subscriber Support

    If you are a TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

           
  • 18 hours 16 minutes ago
     
     
    This worked perfectly for me. Thanks.