deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update eap-configuration.md

Browse Source 
Improved readability of the EKU property requirements.
This commit is contained in:
Steve Burkett 2019-07-16 08:54:00 +12:00 committed by GitHub
parent 6029dfc9f5
commit 4e98c1d630
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
windows/client-management/mdm/eap-configuration.md
View File

@ -142,11 +142,11 @@ The following list describes the prerequisites for a certificate to be used with
- The certificate must have at least one of the following EKU (Extended Key Usage) properties: - The certificate must have at least one of the following EKU (Extended Key Usage) properties:
- Client Authentication - Client Authentication
- As defined by RFC 5280, this is a well-defined OID with Value 1.3.6.1.5.5.7.3.2 - As defined by RFC 5280, this is a well-defined OID with Value 1.3.6.1.5.5.7.3.2
- Any Purpose - Any Purpose
- An EKU Defined and published by Microsoft, is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that additional non-critical or custom EKUs can still be added to the certificate for effective filtering. - An EKU Defined and published by Microsoft, is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that additional non-critical or custom EKUs can still be added to the certificate for effective filtering.
- All Purpose - All Purpose
- As defined by RFC 5280, If a CA includes extended key usages to satisfy some application needs, but does not want to restrict usage of the key, the CA can add an Extended Key Usage Value of 0. A certificate with such an EKU can be used for all purposes. - As defined by RFC 5280, If a CA includes extended key usages to satisfy some application needs, but does not want to restrict usage of the key, the CA can add an Extended Key Usage Value of 0. A certificate with such an EKU can be used for all purposes.
- The user or the computer certificate on the client chains to a trusted root CA - The user or the computer certificate on the client chains to a trusted root CA
- The user or the computer certificate does not fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy. - The user or the computer certificate does not fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
- The user or the computer certificate does not fail any one of the certificate object identifier checks that are specified in the Internet Authentication Service (IAS)/Radius Server. - The user or the computer certificate does not fail any one of the certificate object identifier checks that are specified in the Internet Authentication Service (IAS)/Radius Server.