Establishing authentication and signature requirements for enrollment
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Establishing authentication and signature requirements for enrollment
When subjects submit certificate requests to a certification authority, the request can either be automatically approved or placed into a "pending" state. A pending state is normally used for certificates that require a higher level of assurance and consequently require more administration and further verification of the request. There are a number of settings that can configure the authentication and signature requirements for issuance certificates that are based on a template.
Setting | Description |
---|---|
CA certificate manager approval |
All certificates are placed into the pending container for a certificate manager to issue or deny. |
This number of authorized signatures |
This setting requires the certificate request to be digitally signed by one or more subjects before it can be issued. This enables several other configuration parameters. |
Policy type required in signature |
The signatures that are required for issuing a certificate must contain either a specific application policy, issuance policy, or both. This is how the certification authority determines whether the signature is appropriate for authorizing the issuance of the subject's certificate. This option is enabled when This number of authorized signatures is set. |
Application policy |
Specifies the application policy that is checked for when signing a certificate request. This option is enabled when Policy type required in signature is set to either Application policy or Both application and issuance policy. |
Issuance policy |
Specifies which issuance policies will be checked when signing a certificate request. This option is enabled when Policy type required in signature is set to either Issuance policy or Both application and issuance policy. |