A question viewing certifcate information via the padlock symbol in IE 11 (works on Chrome brower)

hello all

can please me following questions, j

1:

i have ca ca certificate has issuance (aka certificate) policy.

next created csr webserver certificate, created csr first creating .inf (request file) containing usual including following

[requestattributes]

certificatetemplate=webserver

oid=1.3.6.1.5.5.7.3.1

issuancepolicy="my certificate policy"

oid=1.3.6.1.4.145389.1.1.1

turned above csr (base64 encoded) submitted , retrieved relevant certificate ca

if open certificate flat file resultant certificate has relevant issuance policy listed under section

‘this certificate intended following purposes’

so far

next install certificate web site , bind etc. when go web site e.g. https://testsite certificate works , traffic encrypted etc… e.g. click on padlock in internet explorer provides expected information, when click on view certificate via padlock symbol; in internet explorer certificate come ok under

‘this certificate intended following purposes’

it not show issuance policy e.g. standard application policy webserver cert.

if under details/extensions tab of certificate show certificate policy under certificate policies extension, looks ok extensions tab, policy not show under ‘this certificate intended following purposes’ when certificate viewed via padlock on ie show if open certificate flat file (either original certificate file or copy file view certificate flat file).

the oid policy registered in both active directory , local oid databases.

so question why not see issuance policy when viewing cert via padlock in ie when viewing flat file.

i using ie 11.x

when doing same thing chrome browser certificate policy show ok, therefore possible bug ie 11.x

thanks all

aanotheruser__

---

aanotheruser__

is oid (1.3.6.1.4.145389.1.1.1) included in ca certificate issued certificate. per strict chain validation, issuing ca must include oid in certificate. moving level, next ca must have oid (or issuance policies oid).

brian

Windows Server  >  Security