Frequently Used Extended Key Usages and Issuance Policies

The following is a list of commonly used extended key usages and issuance policies that come up repeatedly in practice when restricting certification authority certificates.

Frequently used extended key usages:

In some documentation, the extended key usages are also called Application Policies.

OID    Description
Request Agent Authentication Signing Signing Signing Encryption file system Recovery Security End System Security IKE Intermediate Security Tunnel Endpoint Security User Recovery Authentication Trust List Signing Subordination List Signer E-mail Authentication Logon Stamping according to RFC 3161 Signing Desktop Authentication Key Archival
2.16.840.1.113741.1.2.3    Intel Advanced Management Technology (AMT) Provisioning

Frequently used issuance policies:

OID    Description
Issuance Policies (AnyPolicy)
Key Attestation User Credentials: (Low Assurance)
Key Attestation Endorsement Certificate: (Medium Assurance)
Key Attestation Endorsement Key: (High Assurance)
