O'Reilly logo

Windows Server® 2008 PKI and Certificate Security by Brian Komar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Implementing Cross Certification with Constraints

This section describes the steps involved in cross certifying your organization’s CA hierarchy with a partner’s CA hierarchy. The first step is to create a Cross Certification Signing certificate template. By default, there is no certificate template that satisfies the requirements for cross certification requests, so a custom version 2 certificate template must be created.

The certificate template must include the Qualified Subordination application policy OID (1.3.6.1.4.1.311.10.3.10). You can also enforce CA certificate manager approval and limit Read and Enroll permissions to designated users or groups.

Important

The Qualified Subordination application policy OID must be included in the certificate ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required