SHA certificates RRS feed

  • Question

  • on new builds there are two SHA templates with object identifiers: and

    what is this second one? which one should be used? in all documentation only the first one is described. could anyone explain the difference/usage ?

    Tuesday, August 14, 2007 2:02 PM


  • Hi,


    The one ending in .3 is an EKU that is reserved for extended system health authentication. Basically, it can be used to give health certificates to noncompliant clients, so that both your compliant and noncompliant clients have a "health" certificate, but with different specifications. The second OID is not present in the latest builds because it was a little confusing to have two certificate application policies both named System Health Authentication. Sorry for the confusion.


    Please use the template with an application policy OID of for your NAP health certificates for now.



    Wednesday, August 15, 2007 2:27 AM