CAPolicy.inf Syntax

• A CApolicy.inf file for a Windows 2000 root CA would look like this:

  [Version]
  Signature= "$Windows NT$"
  [Certsrv_Server]
  RenewalKeyLength=4096
  RenewalValidityPeriodUnits=Years
  RenewalValidityPeriod=10
  [CRLDistributionPoint]
  [AuthorityInformationAccess]

• A CApolicy.inf file for a Windows 2003 root CA would look like this:

  [Version]
  Signature= "$Windows NT$"
  [Certsrv_Server]
  RenewalKeyLength=4096
  RenewalValidityPeriod=Years
  RenewalValidityPeriodUnits=10
  [CRLDistributionPoint]
  [AuthorityInformationAccess]

• The parameters specified in the [Certsrv_Server] section must be greater or must match the key length and validity period used during the CA setup.
  • Otherwise the value specified in the CApolicy.inf file will be ignored.

• Keynames are different for Windows 2000 and Windows Server 2003.
  • Fortunately the Windows Server 2003 Certification Server is able to interpret the old Windows 2000 syntax.
  • RenewalValidityPeriod and RenewalValidityPeriodUnits parameters are switched in Windows Server 2003.

Let us review this chapter.

---

---

© 2006 John Michael Pierobon

Notes