Errata for Windows Server® 2008 PKI and Certificate Security
The errata list is a list of errors and their corrections that were found after the product was released.
The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.
Color Key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update
| Version |
Location |
Description |
Submitted by |
Date submitted |
| Other Digital Version |
na
|
Source: Skillport / Books24x7
Chapter 10: Online Certificate Status Protocol. Immediately after figure 10-4.
Impementing
Hierarcyy
As discussed in Chapter 6, "Impementing a CA Hierarcyy," you can also configure the OCSP URLs at a command prompt. The following command sets both CA Certificate and OCSP URLs for the designated CA:
|
Ken Cox |
Apr 04, 2012 |
| PDF |
Page 43
2nd |
Error in acronym: Federal Public Key Infrastructure Architecture (FBKIA)
The correct acronym is: FPKIA
|
Edy Javier Milla |
May 08, 2013 |
| Printed |
Page 64
Figure 4-3 A sample domain configuration |
In root domain we have two enterprise CA:
CA2 and CA2
But if we go to page 65 we have the 1st paragraph:
"There are two enterprise CAs in the forest, CA1 and CA2, ..."
|
Ricardo Fernandes |
Mar 22, 2010 |
| Printed, PDF |
Page 109
4th bullet point |
Author discussed the error here:
http://social.technet.microsoft.com/Forums/en-CA/winserversecurity/thread/faa2c31c-c50f-4083-a641-eff41d7e1b39
"the correct entry is AlternateSignatureAlgorithm instead of DiscreteSignatureAlgorithm"
|
Rob Elliott |
Dec 07, 2012 |
| Printed, PDF |
Page 134
CAPolicy.inf sample (last 6 lines of the page) |
The sample file is valid for Windows 2000 but not for Windows 2008.
The values for the parameters CRL*** and CRL***Units must be switched.
In the book :
CRLPeriod=3
CRLPeriodUnits=days
CRLOverlapPeriod=4
CRLOverlapPeriodUnits=hours
CRLDeltaPeriod=12
CRLDeltaPeriodUnits=hours
To make it work, must be replaced by :
CRLPeriod=days
CRLPeriodUnits=3
CRLOverlapPeriod=hours
CRLOverlapPeriodUnits=4
CRLDeltaPeriod=hours
CRLDeltaPeriodUnits=12
|
Gérald Strozyk |
Jan 19, 2011 |
| Printed, PDF |
Page 219
First paragraph |
On the page 219 of the "Windows Server 2008 PKI and Certificate Security" we read:
On the Extensions tab, select the added Online Responder URL, select the Include In The AIA Extension Of Issued Certificates and Include In The Online Certificate Status Protocol (OCSP) Extension check boxes, and then click OK.
The above statement is incorrect. The correct statement is as follows:
On the Extensions tab, just select the Issued Certificates and Include In The Online Certificate Status Protocol (OCSP) Extension check boxe, and then click OK.
|
Reza Alikhani |
Mar 20, 2011 |
| PDF |
Page 405
2nd |
On the section: Creating the Cross Certification Authority Request File.
2. At a command prompt, type certutil -policy to create the certificate request file that enforces all the cross certification conditions defined in the Policy.inf file.
The certutil command cannot be used to create the certificate request file even -policy is a wrong argument.
The correct command is: certreq
This must be read:
2. At a command prompt, type certreq -policy to create the certificate request file that enforces all the cross certification conditions defined in the Policy.inf file.
|
Edy Javier Milla |
Jun 20, 2012 |