deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 05:13:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #3827 from ojrb/Issue3248

Browse Source 
Hybrid-key-trust-prereqs (New changes missing)
This commit is contained in:
Andrea Barr
2019-05-28 11:56:20 -07:00
committed by GitHub
parent e73604f428 49064c416e
commit 5ed4090cf6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
View File

@ -63,7 +63,7 @@ The minimum required enterprise certificate authority that can be used with Wind
* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL. * The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL.
* Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name). * Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name).
* The certificate Key Usage section must contain Digital Signature and Key Encipherment. * The certificate Key Usage section must contain Digital Signature and Key Encipherment.
* Optionally, the certificate Basic Constraints section should contain: * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None].
* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1). * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1).
* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.
* The certificate template must have an extension that has the BMP data value "DomainController". * The certificate template must have an extension that has the BMP data value "DomainController".