Hendrik Brockhaus said:Hello David,
As an example I would like to issue certificates with a
SubjectAlternativeName of the type DNSname and I would
like to input the DNS name value somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the SubjectAltName
request data in that box. Is that the only way to do it?
What kind of information can I provide in what format in
that box?
How can I provide a KeyUsage attribute and set it critical?
Kind regards,
Hendrik
-----Original Message-----
Can you provide an example of what type of attribute you would like to be
set? Some can be set at request time, some can be set at submission time.
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
How can I set additional attributes in the certrqma.asp
web page for certificates to be issued by a Microsoft
Windows 2000 CA (either stand-alone or enterprise)?
.
-----Original Message-----
What additional attributes you are interested in putting in the certificate?
Thanks,
Vishal[MSFT]
--
This posting is provided "AS IS" with no warranties, and confers no rights
How can I set additional attributes in the certrqma.asp
web page for certificates to be issued by a Microsoft
Windows 2000 CA (either stand-alone or enterprise)?
.
-----Original Message-----
Yes, this can be done: specify "SAN:dns=foo.bar" as a request attribute in
the Additional Attributes text.
For key usage, this has to be defined by the CA template:
Cert templates -
http://www.microsoft.com/technet/prodtechnol/windowsserver 2003/deploy/confeat/ws03crtm.asp
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
Hello David,
As an example I would like to issue certificates with a
SubjectAlternativeName of the type DNSname and I would
like to input the DNS name value somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the SubjectAltName
request data in that box. Is that the only way to do it?
What kind of information can I provide in what format in
that box?
How can I provide a KeyUsage attribute and set it critical?
Kind regards,
Hendrik
you-----Original Message-----
Can you provide an example of what type of attribute
would like to beatset? Some can be set at request time, some can be set
submission time. and
confers no rights.wrote
in messageHow can I set additional attributes in the certrqma.asp
web page for certificates to be issued by a Microsoft
Windows 2000 CA (either stand-alone or enterprise)?
.
.
Hendrik Brockhaus said:Thanks David for your reply, but I am sorry
the "SNA:dns=foo.bar" string in the Advanced Certificate
Request web page (in the Attributes text box) of my
Windows 2000 CA (stand-alone and enterprise) did not work.
Best Regards,
Hendrik
-----Original Message-----
Yes, this can be done: specify "SAN:dns=foo.bar" as a request attribute in
the Additional Attributes text.
For key usage, this has to be defined by the CA template:
Cert templates -
http://www.microsoft.com/technet/prodtechnol/windowsserver 2003/deploy/confeat/ws03crtm.asp
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
Hello David,
As an example I would like to issue certificates with a
SubjectAlternativeName of the type DNSname and I would
like to input the DNS name value somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the SubjectAltName
request data in that box. Is that the only way to do it?
What kind of information can I provide in what format in
that box?
How can I provide a KeyUsage attribute and set it critical?
Kind regards,
Hendrik
-----Original Message-----
Can you provide an example of what type of attribute you
would like to be
set? Some can be set at request time, some can be set at
submission time.
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and
confers no rights.
http://support.microsoft.com
in message
How can I set additional attributes in the certrqma.asp
web page for certificates to be issued by a Microsoft
Windows 2000 CA (either stand-alone or enterprise)?
.
.
Hendrik Brockhaus said:Hello Vishal,
As an example I would like to issue certificates by a
Windows 2000 CA (stand-alone or enterprise) with a
KeyUsage attribute and set it critical and I would like to
input the key usage values somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the KeyUsage request
data in that box. Is that the only way to do it? What kind
of information can I provide in what format in that box?
As a second example I would like to issue certificates by
a Windows 2000 CA (stand-alone or enterprise) with a
SubjectAltName of the type DNSname and I would like to
input the DNS name value somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the SubjectAltName
request data in that box. Is that the only way to do it?
What kind of information can I provide in what format in
that box?
David B. Cross [MS] already gave me the information to set
the SubjectAltName as "SAN:dns=foo.bar", but this does
neither work with my Windows 2000 stand-alone nor with my
Windows 2000 enterprise CA.
Can you help?
Kind regards,
Hendrik
-----Original Message-----
What additional attributes you are interested in putting in the certificate?
Thanks,
Vishal[MSFT]
--
This posting is provided "AS IS" with no warranties, and confers no rights
How can I set additional attributes in the certrqma.asp
web page for certificates to be issued by a Microsoft
Windows 2000 CA (either stand-alone or enterprise)?
.
-----Original Message-----
Hi,
You also need to do
certutil -setreg policy\EditFlags EDITF_ATTRIBUTESUBJECTALTNAME2
And, for subject RDNs in request attributes, you may need to enable the
following:
certutil -setreg ca\CRLFlags CRLF_ALLOW_REQUEST_ATTRIBUTE_SUBJECT
on the CA and then restart the CA.
After that submit the request again.
Thanks,
Vishal[MSFT]
--
This posting is provided "AS IS" with no warranties, and confers no rights
Hello Vishal,
As an example I would like to issue certificates by a
Windows 2000 CA (stand-alone or enterprise) with a
KeyUsage attribute and set it critical and I would like to
input the key usage values somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the KeyUsage request
data in that box. Is that the only way to do it? What kind
of information can I provide in what format in that box?
As a second example I would like to issue certificates by
a Windows 2000 CA (stand-alone or enterprise) with a
SubjectAltName of the type DNSname and I would like to
input the DNS name value somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the SubjectAltName
request data in that box. Is that the only way to do it?
What kind of information can I provide in what format in
that box?
David B. Cross [MS] already gave me the information to set
the SubjectAltName as "SAN:dns=foo.bar", but this does
neither work with my Windows 2000 stand-alone nor with my
Windows 2000 enterprise CA.
Can you help?
Kind regards,
Hendrik
putting-----Original Message-----
What additional attributes you are interested in
in the certificate?andThanks,
Vishal[MSFT]
confers no rightswrote"Hendrik Brockhaus" <[email protected]>
in messageHow can I set additional attributes in the certrqma.asp
web page for certificates to be issued by a Microsoft
Windows 2000 CA (either stand-alone or enterprise)?
.
.
-----Original Message-----
I am checking to see if this can be done with a windows 2000 CA. This is
definately supported in Windows Server 2003 - see doc for more info:
Operations guide -
http://www.microsoft.com/technet/prodtechnol/windowsserver 2003/maintain/operate/ws03pkog.asp
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
Thanks David for your reply, but I am sorry
the "SNA:dns=foo.bar" string in the Advanced Certificate
Request web page (in the Attributes text box) of my
Windows 2000 CA (stand-alone and enterprise) did not work.
Best Regards,
Hendrik
http://www.microsoft.com/technet/prodtechnol/windowsserver-----Original Message-----
Yes, this can be done: specify "SAN:dns=foo.bar" as a request attribute in
the Additional Attributes text.
For key usage, this has to be defined by the CA template:
Cert templates -and2003/deploy/confeat/ws03crtm.asp
confers no rights.wrote
in messagesetHello David,
As an example I would like to issue certificates with a
SubjectAlternativeName of the type DNSname and I would
like to input the DNS name value somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the SubjectAltName
request data in that box. Is that the only way to do it?
What kind of information can I provide in what format in
that box?
How can I provide a KeyUsage attribute and set it critical?
Kind regards,
Hendrik
-----Original Message-----
Can you provide an example of what type of attribute you
would like to be
set? Some can be set at request time, some can be
atsubmission time.
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and
confers no rights.
http://support.microsoft.com
in message
How can I set additional attributes in the certrqma.asp
web page for certificates to be issued by a Microsoft
Windows 2000 CA (either stand-alone or enterprise)?
.
.
.
Hendrik Brockhaus said:Hi Vishal,
Thanks for you answer.
As I mentioned I work on a Windows 2000 CA and tried to
set the policy flag as you mentioned, but it did not work.
C:\>certutil -setreg policy\EditFlags
EDITF_ATTRIBUTESUBJECTALTNAME2
RCC 1 root
CA\PolicyModules\CertificateAuthority_MicrosoftDefault.Poli
cy\EditFlags:
Old Value:
EditFlags REG_DWORD = 1bee (7150)
EDITF_REQUESTEXTENSIONLIST
EDITF_DISABLEEXTENSIONLIST
EDITF_ADDOLDKEYUSAGE
EDITF_ATTRIBUTEENDDATE
EDITF_BASICCONSTRAINTSCRITICAL
EDITF_BASICCONSTRAINTSCA
EDITF_ENABLEAKIKEYID
EDITF_ATTRIBUTECA
EDITF_ENABLEAKIISSUERNAME
EDITF_ENABLEAKIISSUERSERIAL
CertUtil: -setreg command FAILED: 0x8007000d (WIN32: 13)
CertUtil: The data is invalid.
Is it possible that this only works for Windows 2003
Server? How to do it on a Windows 2000 Server and what
about the KeyUsage?
Best Regards,
Hendrik
-----Original Message-----
Hi,
You also need to do
certutil -setreg policy\EditFlags EDITF_ATTRIBUTESUBJECTALTNAME2
And, for subject RDNs in request attributes, you may need to enable the
following:
certutil -setreg ca\CRLFlags CRLF_ALLOW_REQUEST_ATTRIBUTE_SUBJECT
on the CA and then restart the CA.
After that submit the request again.
Thanks,
Vishal[MSFT]
--
This posting is provided "AS IS" with no warranties, and confers no rights
Hello Vishal,
As an example I would like to issue certificates by a
Windows 2000 CA (stand-alone or enterprise) with a
KeyUsage attribute and set it critical and I would like to
input the key usage values somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the KeyUsage request
data in that box. Is that the only way to do it? What kind
of information can I provide in what format in that box?
As a second example I would like to issue certificates by
a Windows 2000 CA (stand-alone or enterprise) with a
SubjectAltName of the type DNSname and I would like to
input the DNS name value somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the SubjectAltName
request data in that box. Is that the only way to do it?
What kind of information can I provide in what format in
that box?
David B. Cross [MS] already gave me the information to set
the SubjectAltName as "SAN:dns=foo.bar", but this does
neither work with my Windows 2000 stand-alone nor with my
Windows 2000 enterprise CA.
Can you help?
Kind regards,
Hendrik
-----Original Message-----
What additional attributes you are interested in putting
in the certificate?
Thanks,
Vishal[MSFT]
--
This posting is provided "AS IS" with no warranties, and
confers no rights
in message
How can I set additional attributes in the certrqma.asp
web page for certificates to be issued by a Microsoft
Windows 2000 CA (either stand-alone or enterprise)?
.
.
-----Original Message-----
Sorry, this is not supported on Win2000. Neither is Modifying KeyUsage
supported on Win2000.
Thanks,
Vishal[MSFT]
--
This posting is provided "AS IS" with no warranties, and confers no rights
Hi Vishal,
Thanks for you answer.
As I mentioned I work on a Windows 2000 CA and tried to
set the policy flag as you mentioned, but it did not work.
C:\>certutil -setreg policy\EditFlags
EDITF_ATTRIBUTESUBJECTALTNAME2
RCC 1 root
CA\PolicyModules\CertificateAuthority_MicrosoftDefault.Poli
cy\EditFlags:
Old Value:
EditFlags REG_DWORD = 1bee (7150)
EDITF_REQUESTEXTENSIONLIST
EDITF_DISABLEEXTENSIONLIST
EDITF_ADDOLDKEYUSAGE
EDITF_ATTRIBUTEENDDATE
EDITF_BASICCONSTRAINTSCRITICAL
EDITF_BASICCONSTRAINTSCA
EDITF_ENABLEAKIKEYID
EDITF_ATTRIBUTECA
EDITF_ENABLEAKIISSUERNAME
EDITF_ENABLEAKIISSUERSERIAL
CertUtil: -setreg command FAILED: 0x8007000d (WIN32: 13)
CertUtil: The data is invalid.
Is it possible that this only works for Windows 2003
Server? How to do it on a Windows 2000 Server and what
about the KeyUsage?
Best Regards,
Hendrik
need-----Original Message-----
Hi,
You also need to do
certutil -setreg policy\EditFlags EDITF_ATTRIBUTESUBJECTALTNAME2
And, for subject RDNs in request attributes, you may
to enable theandfollowing:
certutil -setreg ca\CRLFlags CRLF_ALLOW_REQUEST_ATTRIBUTE_SUBJECT
on the CA and then restart the CA.
After that submit the request again.
Thanks,
Vishal[MSFT]
confers no rightswrote"Hendrik Brockhaus" <[email protected]>
in messagelikeHello Vishal,
As an example I would like to issue certificates by a
Windows 2000 CA (stand-alone or enterprise) with a
KeyUsage attribute and set it critical and I would
tocertificatesinput the key usage values somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the KeyUsage request
data in that box. Is that the only way to do it? What kind
of information can I provide in what format in that box?
As a second example I would like to issue
bytoa Windows 2000 CA (stand-alone or enterprise) with a
SubjectAltName of the type DNSname and I would like to
input the DNS name value somewhere in the Advanced
Certificate Request web page.
In the Advanced Certificate Request web page there is the
Attributes text box in the Additional Options part of the
page. My idea was to somehow input the SubjectAltName
request data in that box. Is that the only way to do it?
What kind of information can I provide in what format in
that box?
David B. Cross [MS] already gave me the information
setwiththe SubjectAltName as "SAN:dns=foo.bar", but this does
neither work with my Windows 2000 stand-alone nor
myWindows 2000 enterprise CA.
Can you help?
Kind regards,
Hendrik
-----Original Message-----
What additional attributes you are interested in putting
in the certificate?
Thanks,
Vishal[MSFT]
--
This posting is provided "AS IS" with no warranties, and
confers no rights
in message
How can I set additional attributes in the certrqma.asp
web page for certificates to be issued by a Microsoft
Windows 2000 CA (either stand-alone or enterprise)?
.
.
.