How to find out the max size of certificate attributes

The other day I was asked how many subject alternate names will fit into a single certificate. I asked myself what the best way would be to find out. After a short time of thinking I decided to look at the schema defintion of the CA database. The schema will tell for sure how many…


How to manually set the archive flag for certifictes

If you have to select a certain certificate for authentication for example, you may wonder why several certificates are presented by the UI. Internet Explorer may offer several client authentication certificates while securely connecting to a web site or Outlook presents a number of certificates that can be used for eMail encryption. One reason for…

5

How to download the most current CA certificate from a certificate web enrollment station

In some cases, you might want to download the most current CA certificate from a web enrollment station. Use the following URL to do so: http://www.contoso.com/certsrv/certnew.p7b?ReqID=CACert&Renewal=-1&Enc=b64   Replace www.contoso.com with the DNS computer name of your web enrollment station. The renewal=-1 parameter indicates that the latest certificate is targeted. The index of the renewal parameter…

1

How to exclude the certificate template name from certificates to be issued

By default, a Windows CA enterprise CA adds information about the used certificate template to issued certificates. These certificate attributes are especially important to perform certificate autoenrollement.  However, in heterogeneous environments you may have the requirement not to include the certificate template names in certificates. To avoid adding the certificate templates information into newly issued…