deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 06:47:21 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update hello-hybrid-key-trust-prereqs.md

Browse Source
This commit is contained in:
MaratMussabekov 2021-12-25 22:16:44 +05:00 committed by GitHub
parent e2ee11d9c0
commit 1d980efbf9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
View File

@ -69,7 +69,7 @@ Key trust deployments do not need client issued certificates for on-premises aut
The minimum required Enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party Enterprise certification authority. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA](/troubleshoot/windows-server/windows-security/requirements-domain-controller). The minimum required Enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party Enterprise certification authority. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA](/troubleshoot/windows-server/windows-security/requirements-domain-controller).
* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL, or an Authority Information Access (AIA) extension that points to an Online Certificate Status Protocol (OCSP) responder. * The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL, or an Authority Information Access (AIA) extension that points to an Online Certificate Status Protocol (OCSP) responder.
* The certificate Subject section should contain the directory path of the server object (the distinguished name). * Optionally, the certificate Subject section could contain the directory path of the server object (the distinguished name).
* The certificate Key Usage section must contain Digital Signature and Key Encipherment. * The certificate Key Usage section must contain Digital Signature and Key Encipherment.
* Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None]. * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None].
* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5). * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).