First published on TECHNET on Aug 08, 2011
If you have commonly asked questions about certificate services or PKI that you think should be listed in the Active Directory Certificate Services Frequently Asked Questions (AD CS FAQ ) list, I encourage you to submit them to the TechNet Wiki posting http://social.technet.microsoft.com/wiki/contents/articles/ad-cs-faq.aspx . Don't worry about the formatting, I can clean that up, if needed. Also, if you would rather have me add something for you, feel free to just reply to this blog. Thank you!
This may not be a frequently asked question but hoping someone can answer it.
In trying to figure out what I needed to do to ensure a new certificate template had an extension with the BMP data value "DomainController" I incorrectly added a new EKU named "DomainController" with the OID value 18.104.22.168.4.1.311.20.2 (in a test environment).
Certificate Templates Console -> Duplicate template -> Extensions tab -> Application Policies -> new EKU added via Edit Application Policies Extension window.
Is it possible to delete it (rather than just remove it from the template)? What is the BMP data value referring to - the Certificate Template Name extension?
I have never dealt with this. I simply use one of the existing Domain Controller templates to create new ones. Mainly the Kerberos Authentication template now days. I've never had any issues where I had to validate this setting and it is only present in the article leveraging 3rd party certificates for CA's.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.