locked
Question: How to create a sub ca with issuance policies purposes/permissions? RRS feed

  • Question

  • Hi there,

    i configured my two-tier pki hierarchy with the guide in myitworld. (sorry can't post the link)

    Everything works fine, till i want to add an Issuance Policy to a certificate.

    It doesn't matter wich issuance policy i choose (High Assurance, Medium Assurance or an new created Policy).

    I'm getting this error by trying to enroll the certificate:

    "The certificate has invalid policy.

    Error Constructing or Publishing Certificate  Invalid issuance Policies: <OID>

    The certificate has invalid policy. 0x800b0113 (-2146762477 CERT_E_INVALID-POLICY)."

    My Root CA has an Certificate with issuance and application purposes.

    My Issuing CA has an Certificate with only application purposes.

    I am new in PKI and read some guides and blog, but can't finde the answer of my problem.

    Hope anybody here can help me.

    Thanks

    Wednesday, August 1, 2018 7:24 AM

All replies