After that key usage field of enrolled certificates have changed to "data ecnryption (20)", but I don't know why. So with this key usage I can sign documents, can ecnrypt mails, but can't sign them (key usage must contain digital signature).
How to change key usage field in standalone CA ??
Edited byC1one_38Thursday, February 27, 2014 10:31 AM
There are three primary types of digital certificates: self-signed certificates, Windows PKI-generated certificates, and third-party certificates.
Windows public key infrastructure certificates.
Trusted third-party certificates.
When you choose the type of certificate to install, there are several things to consider. A certificate must be signed to be valid. It can be self-signed or signed by a CA.
A self-signed certificate has limitations. For example, not all mobile devices let a user install a digital certificate in the trusted root certificate store. The ability to install certificates on a mobile device depends on the mobile device manufacturer
and the mobile service provider. Some manufacturers and mobile service providers disable access to the trusted root certificate store. In this case, neither a self-signed certificate nor a certificate from a Windows PKI CA can be installed on the mobile device.
The related KB:
More about the Exchange question please post to the Exchange forum.
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.