AD CS - OID for root and issuing CAs

by SubZeno   Last Updated May 15, 2019 21:00 PM

I am willing to install a Root CA and an Issuing CA with AD CS for my private environment (test purpose).

Do I need to obtain public OIDs (i.e. from IANA) or can I skip this requirement since my CAs are private within my domain?



Answers 1


For private or test environments you can use fictional object identifiers.

For:

  • public envrionments

or

  • there is a chance that you will create PKI trust relationships with another company (via cross-certification, for example)

I suggest to obtain a free publically-registered OID from IANA: https://pen.iana.org/pen/PenApplication.page

Crypt32
Crypt32
May 15, 2019 19:55 PM

Related Questions


Updated January 14, 2016 10:00 AM

Updated May 29, 2017 15:00 PM

Updated January 26, 2019 15:00 PM

Updated April 01, 2019 19:00 PM