Implementing a PKI, Part III: Managing Microsoft Certification Services - Configure Root CA Certificate Properties
(Page 4 of 6 )
You may need to modify some properties on the digital certificate for smooth operation of the certification services.
To access the digital certificate’s properties, right-click on the local Root CA and go to <Properties> from the CA’s console.
Policy Module
Under the Policy Module -> Request Handling you could set the action required when a certificate request is received.
There are two options when a certificate request is received:
- Set the certificate request status to pending. The administrator must explicitly issue the certificate.
- Follow the settings in the certificate template, if applicable. Otherwise automatically issue the certificate.
I recommend that you select the first option.
CRL & AIA Distribution points
Click on the Extensions tab that provides information about the CRL Distribution Points and the Authority Information Access (AIA).
Depending on your implementation, you may need to change the distribution points for the CRL and the AIA included on every issued certificate. I covered CRL in a previous section so I will just explain what AIA is.
The AIA distribution location allows the client program to obtain a current copy of the CA’s current certificate. CA certificates are required when a certificate chain is built. Chain building is performed as part of the certificate verification process.
Next: Configure CRL’s Distribution Points >>
More Windows Security Articles
More By Eliana Stavrou