A PowerShell module for exporting, importing, removing, permissioning, publishing Active Directory Certificate Templates. It also includes a DSC resource for creating AD CS templates using these functions. This was built with the intent of using DSC for rapid lab builds. Could also work in production to move templates between AD CS environments.
MIT License
81
stars
24
forks
source link
Custom application policy and certificate policy OIDs are not exported #5
In ADCS, PKI administrators may define custom application policies (MSFT analogue of Enhanced Key Usage extension) and certificate policies. When exporting certificate template, it might be reasonable to export custom OIDs (non-standard) as well and register them in target forest if they are absent.
Application policies are smple OID<=>VALUE mappings.
Certificate policy OIDs are same OID<=>VALUE mappings, but contain additional policy qualifiers:
-- CPS (certificate practices statement) location URL
-- Short description (user notice)
Both are optional, but at least one policy qualifier must be specified. ADCS does not allow empty policies.
In ADCS, PKI administrators may define custom application policies (MSFT analogue of Enhanced Key Usage extension) and certificate policies. When exporting certificate template, it might be reasonable to export custom OIDs (non-standard) as well and register them in target forest if they are absent.
Both are optional, but at least one policy qualifier must be specified. ADCS does not allow empty policies.