Microsoft KB Archive/842010

= How to permit all issuing policies on intermediate CAs in Windows Server 2003 =

Article ID: 842010

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

-





SUMMARY
By default, an intermediate certification authority (CA) does not permit issuing policies for itself or for subordinate CAs. However, in some circumstances, you may want to configure the intermediate CA to permit all issuing policies.



MORE INFORMATION
To configure the intermediate CA to permit all issuing policies, you must modify the CApolicy.inf file. To modify the CApolicy.inf file, follow these steps.

Note The CApolicy.inf file is located in the %SystemRoot% folder.  Open the CApolicy.inf file in Notepad. If the CApolicy.inf file does not exist, create the file. Add the following lines after the [Version] section:

[PolicyStatementExtension]

Policies = AllIssuancePolicy

Critical = FALSE

[AllIssuancePolicy]

OID = 2.5.29.32.0

 On the File menu, click Save. On the File menu, click Exit. Click Start, point to Administrative Tools, and then click Services. Stop and then restart the Certificate Services service.</ol>

If you created a new CApolicy.inf file, the saved file is similar to the following:

[Version]

Signature= &quot;$Windows NT$&quot;

[PolicyStatementExtension]

Policies = AllIssuancePolicy

Critical = FALSE

[AllIssuancePolicy]

OID = 2.5.29.32.0

<div class="references_section">