
  1. Download this attached file allowed_ca_policies.xml.
  2. Open this file in any text editor:

    Code block: certificate_policies.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <AllowedPolicyOIDs>
       <CA FriendlyName="ADSS Samples Test CA">
          <CertificatePolicies>
             <PolicyDefinition>
                <PolicyId>2.16.12.3.1.1.1</PolicyId>
             </PolicyDefinition>
             <PolicyDefinition>
                <PolicyId>2.16.12.3.1.1.2</PolicyId>
             </PolicyDefinition>
          </CertificatePolicies>
       </CA>
    </AllowedPolicyOIDs>

    The following sections explain each part of the XML:

    XML Tag: Description

    AllowedPolicyOIDs: AllowedPolicyOIDs is the root element.

    CA: The elements between the <CA> and </CA> tags define the CA configuration. The tag includes the following attribute:

    • FriendlyName: Specify the CA Friendly Name that is already configured as a Local CA in ADSS Server, i.e. Manage CAs > Local CAs

    Note: To configure allowed policies for multiple issuing CAs, repeat this tag along with its child nodes.

    CertificatePolicies: The elements between the <CertificatePolicies> and </CertificatePolicies> tags define multiple allowed certificate policies for issuing certificates.

    PolicyDefinition: The elements between the <PolicyDefinition> and </PolicyDefinition> tags define certificate policy definitions against an issuing CA. The tag includes the following child node:

    • PolicyId: Specify the Policy OID to be included in the allowed list

    Note: To add multiple policy definitions against the same issuing CA, repeat this tag along with its child node.

  3. Fill in the Template ID, PolicyId, CpsUri and UserNotice FriendlyName and PolicyID accordingly
  4. Save the changes and close the file
  5. Move this file to [ADSS Server installation directory]/conf
  6. Restart the ADSS Server from the Windows service panel or Unix daemon for the changes to take effect
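Because the allow-list only takes effect after a restart, it is worth checking the edited file before moving it into conf. The following is an added example, not part of ADSS Server or its documentation: the function name, the sample document and the specific checks (root element, FriendlyName present and unique, well-formed and non-duplicated PolicyId values) are assumptions about what a sensible pre-deployment check covers, not a description of how ADSS Server itself validates the file.

```python
import re
import xml.etree.ElementTree as ET

# Dotted-decimal OID: first arc 0-2, at least two arcs, no leading zeros.
OID_RE = re.compile(r"[0-2](\.(0|[1-9]\d*))+")

# Constructed sample with deliberate mistakes (not a file from the product).
SAMPLE = """<AllowedPolicyOIDs>
  <CA FriendlyName="ADSS Samples Test CA">
    <CertificatePolicies>
      <PolicyDefinition><PolicyId>2.16.12.3.1.1.1</PolicyId></PolicyDefinition>
      <PolicyDefinition><PolicyId>2.16.12.3.1.1.1</PolicyId></PolicyDefinition>
      <PolicyDefinition><PolicyId>2.16.12.3.1.1.</PolicyId></PolicyDefinition>
    </CertificatePolicies>
  </CA>
  <CA><CertificatePolicies/></CA>
</AllowedPolicyOIDs>"""

def lint_allowed_policies(xml_text):
    """Return a list of problems found in an AllowedPolicyOIDs document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "AllowedPolicyOIDs":
        return [f"root element is <{root.tag}>, expected <AllowedPolicyOIDs>"]
    problems, seen = [], set()
    for ca in root.findall("CA"):
        name = (ca.get("FriendlyName") or "").strip()
        if not name:
            problems.append("<CA> without a FriendlyName attribute")
            name = "?"
        elif name in seen:
            problems.append(f"CA '{name}' is defined more than once")
        seen.add(name)
        oids = [(p.text or "").strip() for p in
                ca.findall("CertificatePolicies/PolicyDefinition/PolicyId")]
        if not oids:
            problems.append(f"CA '{name}': no PolicyId entries")
        for oid in oids:
            if not OID_RE.fullmatch(oid):
                problems.append(f"CA '{name}': '{oid}' is not a dotted-decimal OID")
        for dup in sorted({o for o in oids if oids.count(o) > 1}):
            problems.append(f"CA '{name}': PolicyId {dup} listed twice")
    return problems

if __name__ == "__main__":
    for problem in lint_allowed_policies(SAMPLE):
        print(problem)
```

An empty result means the file passed these checks; whether each FriendlyName matches a Local CA still has to be confirmed in ADSS Server under Manage CAs > Local CAs.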

...