Thanks a lot, Martin.
That solution you provided works perfectly. I can now use T (title) also.
I didn't see that website you referred to before; it was quite helpful.
I still have one problem that remains:
My sub CA does not add the Basic Constraints extension to the certificate. Furthermore, I would also like to make it critical. While I can successfully generate the request that contains these parameters:
C:\PKI\test>certutil.exe -setextension 25 2.5.29.19 1 @bc.txt
0000 30 00 0.
CertUtil: -setextension command completed successfully.
The resulting certificate doesn't contain it.
I have also done the following, but no change... Any ideas?
C:\PKI\test>certutil -setreg policy\EditFlags -EDITF_BASICCONSTRAINTSCRITICAL
SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\KFBN-FRNB Issuing CA Class A\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\EditFlags:
Old Value:
EditFlags REG_DWORD = 83e6 (33766)
EDITF_REQUESTEXTENSIONLIST -- 2
EDITF_DISABLEEXTENSIONLIST -- 4
EDITF_ATTRIBUTEENDDATE -- 20 (32)
EDITF_BASICCONSTRAINTSCRITICAL -- 40 (64)
EDITF_BASICCONSTRAINTSCA -- 80 (128)
EDITF_ENABLEAKIKEYID -- 100 (256)
EDITF_ATTRIBUTECA -- 200 (512)
EDITF_ATTRIBUTEEKU -- 8000 (32768)
New Value:
EditFlags REG_DWORD = 83a6 (33702)
EDITF_REQUESTEXTENSIONLIST -- 2
EDITF_DISABLEEXTENSIONLIST -- 4
EDITF_ATTRIBUTEENDDATE -- 20 (32)
EDITF_BASICCONSTRAINTSCA -- 80 (128)
EDITF_ENABLEAKIKEYID -- 100 (256)
EDITF_ATTRIBUTECA -- 200 (512)
EDITF_ATTRIBUTEEKU -- 8000 (32768)
Kris