Thursday, January 27, 2011

Certificate Template Versions

Microsoft certification authorities (CAs) support three types of certificate templates: Version 1, Version 2, and Version 3.
   CAs that are set up on servers running Windows Server 2003, Standard Edition, or Windows 2000 Server support only version 1 templates. CAs that are set up on servers running Windows Server 2003, Enterprise Edition, or Windows Server 2003, Datacenter Edition, support both version 1 and version 2 templates. CAs that are set up on servers running Windows Server® 2008 support all three versions.
   In addition, version 3 certificate templates can only be used by clients on computers running Windows Server 2008 or Windows Vista®.

Version 1 certificate templates
   Version 1 templates are provided for backward compatibility and support many general needs for subject certification. They are created by default when a CA is installed and cannot be modified or removed. When you duplicate a version 1 template, the duplicate becomes a version 2 or version 3 template that can be modified.

Version 2 certificate templates
   Version 2 certificate templates allow customization of most settings in the template. Several preconfigured version 2 templates are supplied in the default configuration, and more can be added as necessary. This allows complete configuration flexibility for administrators.

Version 3 certificate templates
   Version 3 certificates allow administrators to add advanced Suite B cryptographic settings to their certificates. Suite B includes advanced options for encryption, digital signatures, key exchange, and hashing. Certificates based on version 3 certificate templates can only be issued from CAs installed on servers running Windows Server 2008 and used on clients running Windows Server 2008 or Windows Vista.

No comments:

Post a Comment