Why can't I use a custom OID from a v2 template in the
Allowed-Certificate-OID attribute in a remote access policy (the client can't
authenticate)? It seems that only a 'standard' OID, e.g.
1.3.6.1.4.1.311.20.2.2 (Smart Card), can be used.
Thanks and Regards,
Dominik
-----------------------------
http://blogs.ecreation.ch
--
Carsten Kinder
Microsoft Services
This posting is provided "AS IS" with no warranties, and confers no rights.
Thank you for your reply. I've just tried to add the custom OID (from the v2
template) as a new application policy, but the following message appears:
"The following object identifier has already been used:
1.3.6.1.4.1.311.21.8.13024526.9616612.2378893.9781235.360351.69.4185377.2360514. Type a different value."
As I've understood, I have to create a new application policy with a new
unique OID and add this OID to the Allowed-Certificate-OID attribute in the
remote access policy. Is that correct?
Thanks and Regards,
Dominik
Start with creating a new OID. Get one from an ISO Name Registration
Authority (http://msdn2.microsoft.com/en-us/library/ms677621.aspx) or create
a new application policy including a new custom OID. Enroll a certificate
from the template that has the application policy and make sure the
certificate carries the OID as part of the Enhanced Key Usage (EKU)
attribute. Put the OID into the Allowed-Certificate-OID attribute in the
remote access policy.
--
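The "make sure the certificate carries the OID as part of the EKU" step from the reply above, as an added PowerShell example that is not part of the original thread. The OID 2.999.1.1 is a constructed placeholder for the new application policy OID, the function names are hypothetical, and the in-memory self-signed certificate is a constructed stand-in for one enrolled from the template.

```powershell
# Added example: check that a certificate's EKU extension carries a given OID
# before that OID is placed in the Allowed-Certificate-OID attribute.
$AllowedOid = '2.999.1.1'           # constructed placeholder (2.999 example arc)
$ClientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication

function Get-EkuOid {
    # Returns the OID values found in the Enhanced Key Usage extension (2.5.29.37).
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if (-not $eku) { return }       # certificate has no EKU extension at all
    $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
}

function Test-EkuContainsOid {
    # True when the EKU extension lists the OID; false when it is missing
    # or when the certificate has no EKU extension.
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
          [Parameter(Mandatory)][string]$Oid)
    @(Get-EkuOid -Certificate $Certificate) -contains $Oid
}

# Constructed sample certificate, built in memory (nothing is written to a store).
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-sample', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$usages = [System.Security.Cryptography.OidCollection]::new()
[void]$usages.Add([System.Security.Cryptography.Oid]::new($ClientAuth))
[void]$usages.Add([System.Security.Cryptography.Oid]::new($AllowedOid))
$req.CertificateExtensions.Add(
    [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new($usages, $false))
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))

# List the EKU OIDs, then test the placeholder OID and the Smart Card OID
# quoted in the question (the sample certificate does not carry the latter).
Get-EkuOid -Certificate $cert
Test-EkuContainsOid -Certificate $cert -Oid $AllowedOid
Test-EkuContainsOid -Certificate $cert -Oid '1.3.6.1.4.1.311.20.2.2'
```

To check an enrolled certificate instead of the sample, pass an item from `Get-ChildItem Cert:\CurrentUser\My` as `-Certificate`.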
Thank you for your detailed answer!
Regards,
Dominik