Suppressing certificate attributes in a CA certificate request

When a PKCS#10 request for a CA certificate is generated, a pre-defined set of certificate attributes is included. This blog entry explains how to eliminate attributes that would go into the CA certificate request by default. Imagine that you are setting up a new subordinate CA where the parent CA is a non Windows CA….


Creating offline certificate requests through the user-interface on Windows Vista or Windows Server 2008

Windows Vista and Windows Server 2008 have a convenient user interface to create custom certificate requests. This is especially helpful since computer certificate enrollment through the web enrollment pages was discontinued from Windows Server 2008 and on. If you want to create a custom certificate request, perform the following steps: 1. Start the Certificates MMC…


Disposition values for certutil –view –restrict (and some creative samples)

A while ago I explained how to determine all certificates that will expire within a given period. Now I’d like to explain how to query the CA database based on certificate or request disposition. The disposition ID’s are defined in the certsrv.h include file in the Windows SDK. The following two tables show the disposition…