Microsoft AD CS Intermediate CAPolicy.inf Example

CAPolicy.inf

[Version]
Signature="$Windows NT$"

;[RequestAttributes]
;CertificateTemplate=ExampleSubCA

[PolicyStatementExtension]
Policies=InternalPolicy,AllIssuancePolicy

[AllIssuancePolicy]
OID=2.5.29.32.0
;Notice="Internal PKI Legal Policy Statement"
URL=http://pki.example.com/pki/cps

[InternalPolicy]
OID=1.2.3.4.1455.67.89.5
Notice="Internal PKI Legal Policy Statement"
URL=http://pki.example.com/pki/cps

[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
LoadDefaultTemplates=0
AlternateSignatureAlgorithm=0

;[EnhancedKeyUsageExtension] 
;OID=1.3.6.1.5.5.7.3.4         ; Secure Mail
;OID=1.3.6.1.4.1.311.20.2.2    ; Smart Card Logon
;OID=1.3.6.1.5.5.7.3.2         ; Client Authentication
;OID=1.3.6.1.5.5.7.3.1         ; Server Authentication
;Critical=No

[BasicConstraintsExtension]
Pathlength = 1
Critical = true

;[NameConstraintsExtension]
;Include = NameConstraintsPermitted
;Exclude = NameConstraintsExcluded
;Critical = true

;[NameConstraintsPermitted]
;DirectoryName = "DC=corp,DC=gnetworks,DC=org"
;DirectoryName = "DC=gnetworks,DC=org"
;DNS = .corp.gnetworks.org
;DNS = .gnetworks.org
;email = @corp.gnetworks.org
;email = @gnetworks.org
;UPN = .corp.gnetworks.org
;UPN = @corp.gnetworks.org
;UPN = .gnetworks.org
;UPN = @gnetworks.org

;[NameConstraintsExcluded]