Add resource for setting Advanced Certificate Authority properties #13
Assignees
Labels
in progress
The issue is being actively worked on by someone.
resource proposal
The issue is proposing a new resource in the resource module.
Comments
kwirkykat
added
the
resource proposal
PlagueHO
added
the
help wanted
|
There's quite a bit more that would be useful too for a functional PKI, like setting up certificate templates. I've used pspki in the past. Vadim's module is monumental in its coverage and capability. Is leveraging an external module like this an option or would that be an obstacle due to the CLA requirement? It is licensed under a mixture of MS-PL (for the PS module & pkix.net) & MIT licenses (for Asn1DerParser.NET |
|
It is possible. I'm not sure of the licensing issue. Something to bring up at the DSC community call next week? |
PlagueHO
added
in progress
|
I'm working on this one and using registry keys to read settings and certutil.exe to write settings. |
Merged
9 tasks
PlagueHO
added a commit
that referenced
this issue
Aug 6, 2019
BREAKING CHANGE: Add Active Directory Certificate Authority Settings Resource - Fixes #13
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This allows setting of many of the registry properties on a CA that are usually set by the
certutil -setreg CAandcertutil -getreg CAcommands.Setting these are normally required for configuring any CA - especially if AIA or CDP is being configured (which most should have).
These settings can be configured by direct registry settings, so using the
CertUtil.exe -setreg CAcommand is not required.Here is an example of usage of these commands when installing a CA:
http://blogs.technet.com/b/xdot509/archive/2012/10/27/installing-a-two-tier-pki-hierarchy-in-windows-server-2012-part-iii-post-configuration-of-root-certification-authority.aspx
The text was updated successfully, but these errors were encountered: