Hi All
This is a requirement by one of applications which is trying to use SSL certificate issued by me. The SSL certificate have SKI and AKI extensions and is issued from a Windows 2008 R2 Ent CA.
The application team is requesting me to remove this extension as it is not supported by their application. I am not sure why it would cause an issued, as both SKI and AKI are NOT marked as critical.
When I built the CA, I did not set any SKI and AKI configuration for the issued certificates. I rechecked the CNF file of the CA but couldn't find anything. So I guess this is a default assertion by the CA.
Can I request you to let me know if there is a way to remove the SKI extension only on the issued certificates ?One of the forum threads referred to:2 5 29 14
certutil -setreg policy\DisableExtensionList +2.5.29.14
net stop certsvc
net start certsvc
Is this correct ?
Also, would like to know whether this SKI extension at end point certificate would be used for any validation. As far as I know only AKI is used for certificate validation.
Thanks in advance.
Sans.