My issue is this:
My organization's CP(S) indicates that our "end entity" or "user"
certificate profile contains a "Basic Constraints" extension with the
Subject Type=End Entity
Path Length Constraint=None
Regarding Active Directory Certificate Services on Windows Server 2003
Enterprise Edition Sp2:
in this TechNet article:
, To Change
It is stated that "This procedure only works with certificate
templates that issue certificates that sign other certificates, such
as Cross Certification Authority and Root Certification Authority."
RFC3280 indicates that I should be able to specify basic constraints
in an end entity certificate. RFC3280 text: "This extension MAY
appear as a critical or non-critical extension in end entity
Is there a way to create such a certificate template? I simply need a
"user" or end-entity cert with a basic constraints extension included.
I have no problem with using certutil or the registry if that is what
Thanks in advance!