Errata for Windows Server® 2008 PKI and Certificate Security
The errata list is a list of errors and their corrections that were found after the product was released.
The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.
Color Key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update
|Other Digital Version
Source: Skillport / Books24x7
Chapter 10: Online Certificate Status Protocol. Immediately after figure 10-4.
As discussed in Chapter 6, "Impementing a CA Hierarcyy," you can also configure the OCSP URLs at a command prompt. The following command sets both CA Certificate and OCSP URLs for the designated CA:
||Apr 04, 2012
Error in acronym: Federal Public Key Infrastructure Architecture (FBKIA)
The correct acronym is: FPKIA
|Edy Javier Milla
||May 08, 2013
Figure 4-3 A sample domain configuration
In root domain we have two enterprise CA:
CA2 and CA2
But if we go to page 65 we have the 1st paragraph:
"There are two enterprise CAs in the forest, CA1 and CA2, ..."
||Mar 22, 2010
4th bullet point
Author discussed the error here:
"the correct entry is AlternateSignatureAlgorithm instead of DiscreteSignatureAlgorithm"
||Dec 07, 2012
CAPolicy.inf sample (last 6 lines of the page)
The sample file is valid for Windows 2000 but not for Windows 2008.
The values for the parameters CRL*** and CRL***Units must be switched.
In the book :
To make it work, must be replaced by :
||Jan 19, 2011
On the page 219 of the "Windows Server 2008 PKI and Certificate Security" we read:
On the Extensions tab, select the added Online Responder URL, select the Include In The AIA Extension Of Issued Certificates and Include In The Online Certificate Status Protocol (OCSP) Extension check boxes, and then click OK.
The above statement is incorrect. The correct statement is as follows:
On the Extensions tab, just select the Issued Certificates and Include In The Online Certificate Status Protocol (OCSP) Extension check boxe, and then click OK.
||Mar 20, 2011
On the section: Creating the Cross Certification Authority Request File.
2. At a command prompt, type certutil -policy to create the certificate request file that enforces all the cross certification conditions defined in the Policy.inf file.
The certutil command cannot be used to create the certificate request file even -policy is a wrong argument.
The correct command is: certreq
This must be read:
2. At a command prompt, type certreq -policy to create the certificate request file that enforces all the cross certification conditions defined in the Policy.inf file.
|Edy Javier Milla
||Jun 20, 2012