Article ID: 283789 - View products that this article applies to.
This article was previously published under Q283789
The Issuer Statement button is unavailable in the View Certificate dialog box even though a policy statement had been specified in the Capolicy.inf file.
The Certificate Services Setup code constructs a Public-Key Cryptography Standard #10 (PKCS #10) request that contains an array of X.509 extensions that should be included in the issued certificate. If the policy statement is included in a properly formatted Capolicy.inf file located in %SystemRoot%, the policy statement information is included in the request sent to the server.
When the PKCS #10 request is submitted to the certification authority (CA), the CA's policy module must take action to put the policy statement information that is included with the request into the appropriate extension in the certificate.
By design, extensions included in requests are added to the certificate server database, but are not included in the certificate. Certificate Services relies upon its configuration information in the registry to determine exactly which extensions to transfer from a request to the certificate. To check the current settings, perform the following steps:
To resolve this behavior, follow these steps:
You can also use the Certutil.exe program to verify that the policy statement information is actually included in the request. To observe this information, save the certificate request to a file, and then type the following line at a command prompt:
certutil filename.reqThe returned information should look like the following:
Even though the details can vary, if the 126.96.36.199 section exists, the policy statement information is included in the certificate request. If this section is not included in the request, you must verify the format of the Capolicy.inf file.
188.8.131.52: Flags = 0, Length = 1e1 Certificate Policies Certificate Policy: PolicyIdentifier=184.108.40.206.4.1.311.21.43 [1,1]Policy Qualifier Info: Policy Qualifier Id=User Notice Qualifier: Notice Text=Legal policy statement text. Certificate Policy: PolicyIdentifier=220.127.116.11.4.1.311.21.47 [2,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: http://http.site.com/some%20where/default.asp [2,2]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: ftp://ftp.site.com/some%20where%20else/default.asp [2,3]Policy Qualifier Info: Policy Qualifier Id=User Notice Qualifier: Notice Text=Limited use policy statement text. [2,4]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: ldap://ldap.site.com/some%20where%20else%20again/default.asp Certificate Policy: PolicyIdentifier=18.104.22.168.4.1.311.21.53 [3,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: http://extra.site.com/Extra%20Policy/default.asp Certificate Policy: PolicyIdentifier=22.214.171.124.4.1.311.21.55
Article ID: 283789 - Last Review: October 31, 2006 - Revision: 2.3
Contact us for more help