anyweb

How can I configure PKI in a lab on Windows Server 2016 - Part 5

On your Extensions tab, what does your CRL Distribution Point (CDP) list? Attach it here...


Thank you for the lab (up to part 6 it's all working fine)

Just a short question: how can I add templates? My PaloAlto FW needs the Subordinate Certification Authority template for inspecting network traffic. Is it only with "new - certificate template to issue"? (This sounds too easy 🙂 )

And what is the reason for using the template = 0 in the CAPolicy.inf file?

Best from Singapore

Lutz

Edited by Lutz Rahe

Thank you for the lab (up to part 6 it's all working fine)

Great to hear it!

Just a short question: how can I add templates? My PaloAlto FW needs the Subordinate Certification Authority template for inspecting network traffic. Is it only with "new - certificate template to issue"? (This sounds too easy 🙂 )

In Certsrv.msc on the IssuingCA, right-click on Certificate Templates and choose Manage. You can then select a known Certificate Template (for example Workstation Authentication) that matches what is required for your FW. Check the documentation of the FW to see exactly what type of certificate it requires, and duplicate it by choosing Duplicate Template.

Then rename it to your needs and adjust it to suit the FW requirements.

As for your other question, see this answer from Technet.

According to https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/prepare-the-capolicy-inf-file the LoadDefaultTemplate flag only applies to an enterprise CA.

My assumption is that if you set up a standalone, the templates will be loaded nevertheless.

LoadDefaultTemplates only applies during the install of an Enterprise CA. This setting, either True or False (or 1 or 0), dictates if the CA is configured with any of the default templates.

  • Thanks 1
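
Added example, not part of the original posts: a PowerShell check for the issuing CA that compares the templates currently published against a short approved list and then publishes the duplicated template, which is the command-line equivalent of "New > Certificate Template to Issue". The template name `LabFirewallSubCA` and the approved list are assumptions made up for this lab; use the name you gave your duplicated template.

```powershell
# Added example, not from the thread. Run in an elevated session on the issuing CA.
# Assumption: 'LabFirewallSubCA' is a hypothetical name for the template that was
# duplicated and adjusted in the Certificate Templates console (Manage).
Import-Module ADCSAdministration

# Templates this CA is supposed to issue (constructed allow-list for the lab).
$Approved = @('LabFirewallSubCA')

function Compare-PublishedTemplates {
    param([string[]]$Approved)

    # Get-CATemplate lists the templates currently published on the local CA.
    $published = @(Get-CATemplate | Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        # Published on the CA but not on the approved list.
        Unexpected = @($published | Where-Object { $_ -notin $Approved })
        # Approved but not yet published, so the CA cannot issue from them.
        Missing    = @($Approved  | Where-Object { $_ -notin $published })
    }
}

$report = Compare-PublishedTemplates -Approved $Approved

# If the Enterprise CA was installed with LoadDefaultTemplates=0 in CAPolicy.inf,
# no default templates are expected here; anything listed was added afterwards.
foreach ($name in $report.Unexpected) {
    Write-Warning "Template '$name' is published but not on the approved list."
}

foreach ($name in $report.Missing) {
    # Same effect as right-click Certificate Templates > New > Certificate Template to Issue.
    # -Confirm prompts before each template is published.
    Add-CATemplate -Name $name -Confirm
}

# Final state of the CA after the change.
Get-CATemplate | Sort-Object Name | Format-Table Name, Oid
```

A newly duplicated template may take a short while to replicate in Active Directory before `Add-CATemplate` can find it.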
