AD CS - OID for root and issuing CAs

by SubZeno   Last Updated May 15, 2019 21:00 PM

I am willing to install a Root CA and an Issuing CA with AD CS for my private environment (test purpose).

Do I need to obtain public OIDs (i.e. from IANA) or can I skip this requirement since my CAs are private within my domain?

Answers 1

For private or test environments you can use fictional object identifiers.


  • public envrionments


  • there is a chance that you will create PKI trust relationships with another company (via cross-certification, for example)

I suggest to obtain a free publically-registered OID from IANA:

May 15, 2019 19:55 PM

Related Questions

Updated January 14, 2016 10:00 AM

Updated May 29, 2017 15:00 PM

Updated January 26, 2019 15:00 PM

Updated April 01, 2019 19:00 PM