PKI - CA setup key usage problem

Giganews Newsgroups
Subject: PKI - CA setup key usage problem
Posted by:  Joseph (Jose…@discussions.microsoft.com)
Date: Tue, 13 Jan 2009

Hi all!

I am now setting up standalone Certificate Authority (Root & Subordinate CA)
using Windows Server 2003 R2 Standard Edition.

Under the default setting, I got "Key Usage" for both CA as "Digital
Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)".

For some reasons, I want to change the key usage to "Digital Signature,
Non-Repudiation,
Certificate Signing, Off-line CRL Signing, CRL Signing (c6)". How can I do it?

Also, in the "Authority Key Identifier" field, I would like to include both
"Certificate Issuer" & "Certificate Serialnumber" into this field. I tried
the following commands already but it didn't work.

certutil -setreg policy\EditFlags +EDITF_ENABLEAKIISSUERNAME
certutil -setreg policy\EditFlags +EDITF_ENABLEAKIISSUERSERIAL

Can anyone help me with steps how to setup?

Replies