none
Certificate key usage in standalone CA

    Question

  • I have a problem with a standalone sub CA.

    Certificate must be able to sign Outlook mails, encrypt them and sign Word documents, so in certqtp.inc I've changed rgAvailReqTypes parametr for my certificate:

    rgAvailReqTypes(0,FIELD_OID)="1.3.6.1.4.1.311.10.3.12, 1.3.6.1.5.5.7.3.4, 1.3.6.1.5.5.7.3.2, 1.3.6.1.4.1.311.10.3.4"

    After that key usage field of enrolled certificates have changed to "data ecnryption (20)", but I don't know why. So with this key usage I can sign documents, can ecnrypt mails, but can't sign them (key usage must contain digital signature).

    How to change key usage field in standalone CA ??


    • Edited by C1one_38 Thursday, February 27, 2014 10:31 AM
    Thursday, February 27, 2014 10:29 AM

Answers

  • Hi,

    There are three primary types of digital certificates: self-signed certificates, Windows PKI-generated certificates, and third-party certificates.

    1. Self-signed certificates.
    2. Windows public key infrastructure certificates.
    3. Trusted third-party certificates.

    When you choose the type of certificate to install, there are several things to consider. A certificate must be signed to be valid. It can be self-signed or signed by a CA. A self-signed certificate has limitations. For example, not all mobile devices let a user install a digital certificate in the trusted root certificate store. The ability to install certificates on a mobile device depends on the mobile device manufacturer and the mobile service provider. Some manufacturers and mobile service providers disable access to the trusted root certificate store. In this case, neither a self-signed certificate nor a certificate from a Windows PKI CA can be installed on the mobile device.

    The related KB:

    More about the Exchange question please post to the Exchange forum.

    http://social.technet.microsoft.com/Forums/en-us/home?filter=alltypes&sort=lastpostdesc&brandIgnore=true

    Thanks for your understanding and support


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.


    Wednesday, March 05, 2014 2:43 AM
    Moderator