Hi,
I've found two issues related to OIDs / certificate templates - I'm working on Windows Server 2012.
__The first issue was with registering OIDs.__
_The following command reports successful:_
Register-ObjectIdentifier -FriendlyName "MyClass 3 Primary CA Certificate Policy" -Value "1.2.3.4.5" -OidGroup IssuancePolicy -CPSLocation "http://www.mypolicy/pki/rpa3-1.pdf" -UseActiveDirectory
_The following command fails:_
Register-ObjectIdentifier -FriendlyName "MyClass 2 Primary CA Certificate Policy" -Value "2.3.4.5.6" -OidGroup IssuancePolicy -UseActiveDirectory
I should add that although the second command generates errors, the OID is actually registered properly in AD. The command doesn't like registering issuance policy OIDs where no CPSLocation is specified.
My requirement is that some OIDs have a CPS reference and some don't and therefore the ability to run register-objectidentifier without specifying a CPSLocation would be great.
I am obviously giving sample data here in my example!
__The second issue is running certificate template commands where there is a "problem" with OIDs__
If I run getCertificateTemplate I have errors for certificates which exhibit one of the following two characteristics:
* Issuance Policy contains an OID registered without a CPSLocation value
* Application Policy contains the application OID: 1.3.6.1.5.2.3.4
PS. I love PSPKI - it's a fantastic piece of work.
Regards, Chipeater
Comments: Fixed in 2.8
I've found two issues related to OIDs / certificate templates - I'm working on Windows Server 2012.
__The first issue was with registering OIDs.__
_The following command reports successful:_
Register-ObjectIdentifier -FriendlyName "MyClass 3 Primary CA Certificate Policy" -Value "1.2.3.4.5" -OidGroup IssuancePolicy -CPSLocation "http://www.mypolicy/pki/rpa3-1.pdf" -UseActiveDirectory
_The following command fails:_
Register-ObjectIdentifier -FriendlyName "MyClass 2 Primary CA Certificate Policy" -Value "2.3.4.5.6" -OidGroup IssuancePolicy -UseActiveDirectory
I should add that although the second command generates errors, the OID is actually registered properly in AD. The command doesn't like registering issuance policy OIDs where no CPSLocation is specified.
My requirement is that some OIDs have a CPS reference and some don't and therefore the ability to run register-objectidentifier without specifying a CPSLocation would be great.
I am obviously giving sample data here in my example!
__The second issue is running certificate template commands where there is a "problem" with OIDs__
If I run getCertificateTemplate I have errors for certificates which exhibit one of the following two characteristics:
* Issuance Policy contains an OID registered without a CPSLocation value
* Application Policy contains the application OID: 1.3.6.1.5.2.3.4
PS. I love PSPKI - it's a fantastic piece of work.
Regards, Chipeater
Comments: Fixed in 2.8