Custom application policy and certificate policy OIDs are not exportedΒ #5
Description
In ADCS, PKI administrators may define custom application policies (MSFT analogue of Enhanced Key Usage extension) and certificate policies. When exporting certificate template, it might be reasonable to export custom OIDs (non-standard) as well and register them in target forest if they are absent.
- Application policies are smple OID<=>VALUE mappings.
- Certificate policy OIDs are same OID<=>VALUE mappings, but contain additional policy qualifiers:
-- CPS (certificate practices statement) location URL
-- Short description (user notice)
Both are optional, but at least one policy qualifier must be specified. ADCS does not allow empty policies.