From f42e4e09208940896313efade3e55d978d73b54d Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 7 Jun 2022 08:53:43 -0700 Subject: [PATCH] Update eap-configuration.md --- windows/client-management/mdm/eap-configuration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index e1608210b9..1565168c9c 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -139,7 +139,7 @@ The following list describes the prerequisites for a certificate to be used with - The certificate must have at least one of the following EKU properties: - Client Authentication: As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2. - - Any Purpose: This property is an EKU-defined one and is published by Microsoft.,It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering. + - Any Purpose: This property is an EKU-defined one and is published by Microsoft. It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering. - All Purpose: As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes. - The user or the computer certificate on the client must chain to a trusted root CA. @@ -287,4 +287,4 @@ Alternatively, you can use the following procedure to create an EAP configuratio ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](configuration-service-provider-reference.md)