Skip navigation
Menu
Compute Engines>Windows Server

JSI Tip 8195. How can a Windows Server 2003 intermediate CA (Certification Authority) permit issuing policies for itself, or for subordinate CAs?

An intermediate CA does NOT permit issuing policies for itself, or for subordinate CAs.

If you wish to configure an intermediate CA to permit this behavior:

1. Open the %SystemRoot%\CApolicy.inf file in Notepad. If the file does not exist, create it to contain:

\[Version\]
Signature= "$Windows NT$"

2. After the \[Version\] section, add the following:

\[PolicyStatementExtension\]
Policies = AllIssuancePolicy
Critical = FALSE

\[AllIssuancePolicy\]
OID = 2.5.29.32.0

3. Save the %SystemRoot%\CApolicy.inf file.

4. Exit Notepad.

5. Open a CMD.EXE Window and type the following, pressing Enter after each line:

net stop certsvc
net start certsvc

NOTE: If you created a new %SystemRoot%\CApolicy.inf file, it would look like:

\[Version\]
Signature= "$Windows NT$"

\[PolicyStatementExtension\]
Policies = AllIssuancePolicy
Critical = FALSE

\[AllIssuancePolicy\]
OID = 2.5.29.32.0



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
square buttons on blue backgrounds
How To Copy a Hyper-V Virtual Machine to a New Location
Mar 08, 2024
glowing gears in a digital network
10 Most Popular PowerShell Tips and Tricks in 2023
Dec 26, 2023
PowerShell screenshot
Tracking Windows Group Policy Changes With PowerShell
Aug 22, 2023
an example of the PowerShell interface
10 Popular PowerShell Tips and Tricks in 2023
Jul 25, 2023