|Subject:||PKI - CA setup key usage problem|
|Posted by:||Joseph (Jose…@discussions.microsoft.com)|
|Date:||Tue, 13 Jan 2009|
I am now setting up standalone Certificate Authority (Root & Subordinate CA)
using Windows Server 2003 R2 Standard Edition.
Under the default setting, I got "Key Usage" for both CA as "Digital
Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)".
For some reasons, I want to change the key usage to "Digital Signature,
Certificate Signing, Off-line CRL Signing, CRL Signing (c6)". How can I do it?
Also, in the "Authority Key Identifier" field, I would like to include both
"Certificate Issuer" & "Certificate Serialnumber" into this field. I tried
the following commands already but it didn't work.
certutil -setreg policy\EditFlags +EDITF_ENABLEAKIISSUERNAME
certutil -setreg policy\EditFlags +EDITF_ENABLEAKIISSUERSERIAL
Can anyone help me with steps how to setup?