Basics: Configuration file for the certification authority (capolicy.inf)

The capolicy.inf file contains basic settings that can or should be specified before installing a certification authority. Put simply, no certification authority should be installed without it.

Continue reading "Basics: Configuration file for the certification authority (capolicy.inf)"

Use Authentication Mechanism Assurance (AMA) to secure administrative account logins.

Authentication Mechanism Assurance (AMA) is a feature designed to ensure that a user is a member of a security group only if they can be shown to have logged in using a strong authentication method (i.e., a smart card). If the user logs in via username and password instead, he or she will not have access to the requested resources.

Although originally intended for access to file servers, AMA can also be used (with some restrictions) for administrative logon. For example, a user could be unprivileged when logging in with a username and password, and have administrative rights when logging in with a certificate.

Continue reading "Use Authentication Mechanism Assurance (AMA) to secure administrative account logins"

Include the wildcard issuance policy (All Issuance Policies) in a certification authority certificate

If you install an issuing CA and do not explicitly request an issuance policy, the resulting CA certificate will not contain an issuance policy.

If you want to include the wildcard issuance policy (All Issuance Policies) in the certification authority certificate, you must proceed as follows:

Continue reading "Include the wildcard issuance policy (All Issuance Policies) in a certification authority certificate"

Include the issuance policies for Trusted Platform Module (TPM) Key Attestation in a certification authority certificate

If you install an issuing CA and do not explicitly request an issuance policy, the resulting CA certificate does not contain an issuance policy.

If you want to include the issuance policies for Trusted Platform Module (TPM) Key Attestation in the certification authority certificate, you must proceed as follows.

Continue reading "Include the issuance policies for Trusted Platform Module (TPM) Key Attestation in a certification authority certificate"

Frequently Used Extended Key Usages and Issuance Policies

The following is a list of commonly used extended key usages and issuance policies that are used in practice to restrict certification authority certificates.

Continue reading "Frequently Used Extended Key Usages and Issuance Policies"