Problem Statement:

Resolution

Verified that the certificate policy field was added to the certificate with an OID. This OID must match on all CAs in the hierarchy.

To remove Digital Signature from the KeyUsage field of the certificate, configure the registry using the following commands on the Root CA:

  1. certutil -setreg Policy\EditFlags -EDITF_ADDOLDKEYUSAGE
  2. net stop certsvc
  3. net start certsvc
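The same three steps as an idempotent check-then-change script, added here as an example and not part of the original procedure. It assumes an elevated PowerShell session on the Root CA and that the CA uses the default Microsoft policy module; the registry path and the 0x8 bit value for EDITF_ADDOLDKEYUSAGE are supplied by this example, not by the page.

```powershell
# Added example: clear EDITF_ADDOLDKEYUSAGE only if it is set, then verify.
# Assumption: EDITF_ADDOLDKEYUSAGE is bit 0x8 of the policy module's EditFlags.
$EDITF_ADDOLDKEYUSAGE = 0x8

$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
# "Active" holds the name of the CA configured on this host.
$caName  = (Get-ItemProperty -Path $cfgRoot).Active
# Assumption: the default Microsoft policy module is in use.
$policy  = Join-Path $cfgRoot "$caName\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy"

function Test-AddOldKeyUsage {
    # Returns $true when the flag is currently set in the registry.
    $flags = (Get-ItemProperty -Path $policy).EditFlags
    return [bool]($flags -band $EDITF_ADDOLDKEYUSAGE)
}

if (Test-AddOldKeyUsage) {
    # Step 1 from the procedure: the leading '-' clears the named flag.
    certutil -setreg Policy\EditFlags -EDITF_ADDOLDKEYUSAGE
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -setreg failed with exit code $LASTEXITCODE"
    }
    # Steps 2 and 3: the CA service reads EditFlags at start-up.
    Restart-Service -Name CertSvc
} else {
    Write-Output 'EDITF_ADDOLDKEYUSAGE is already clear; no change made.'
}

# Confirm the final state and print the decoded flag list for the change record.
if (Test-AddOldKeyUsage) {
    throw 'EDITF_ADDOLDKEYUSAGE is still set after the change.'
}
certutil -getreg Policy\EditFlags
```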
