AD Certificate Services - certificate templates

AD Certificate Services - certificate templates

Post by Gordon.You » Fri, 05 Dec 2008 03:15:41


Hello,

My issue is this:
My organization's CP(S) indicates that our "end entity" or "user"
certificate profile contains a "Basic Constraints" extension with the
following attributes:
Subject Type=End Entity
Path Length Constraint=None

Regarding Active Directory Certificate Services on Windows Server 2003
Enterprise Edition Sp2:
in this TechNet article:
http://www.yqcomputer.com/ , To Change
basic constraints:

It is stated that "This procedure only works with certificate
templates that issue certificates that sign other certificates, such
as Cross Certification Authority and Root Certification Authority."

RFC3280 indicates that I should be able to specify basic constraints
in an end entity certificate. RFC3280 text: "This extension MAY
appear as a critical or non-critical extension in end entity
certificates."

Is there a way to create such a certificate template? I simply need a
"user" or end-entity cert with a basic constraints extension included.
I have no problem with using certutil or the registry if that is what
is required.

Thanks in advance!

~Gordon