Limiting the path length - Uwe Gradenegger

Basics: Path Length Constraint

The attack on the MD5 signature algorithm demonstrated in late 2008 could only be used to create a usable forged certification authority certificate because the attacked certification authority had not configured any path length restriction.

The limitation of the path length is defined in the RFC 5280 described. The idea behind this is that the maximum depth of the certification authority hierarchy is stored in the "Basic Constraints" extension of a certification authority certificate.

Certificate authority certificate request fails with error message "The certification authority's certificate contains invalid data. 0x80094005 (-2146877435 CERTSRV_E_INVALID_CA_CERTIFICATE)".

Assume the following scenario:

A Certification Authority certificate is requested from a Certification Authority
The certificate request fails with the following error message:

The certification authority's certificate contains invalid data. 0x80094005 (-2146877435 CERTSRV_E_INVALID_CA_CERTIFICATE)
Denied by Policy Module

Configure Path Length Constraint for Certificates Issued by a Certification Authority

For stronger control over the certificates that can be issued by a certification authority, a path length constraint can be set up so that certification authorities above a defined hierarchy level are no longer able to issue subordinate certification authority certificates

For an explanation of how the path length constraint works, see the article "Basics: Path Length Constraint"..