Page Comparison

General:

• Validity = 3 years
• Renewal Period = 6 weeks
• Published in Active Directory

We can see certificate issued under user account properties in AD

Compatability:

Default setting

Request Handling:

• Purpose = Signature and SmartCard Logon
• Prompt the User during enrollment = Set

Image Modified

Cryptography:

• Key Size = 1024
• Requests can use any provider available on the subject’s computer

Key Attestation:

Default setting

Subject Name:

Issuance Requirements:

• This number of authorized signatures = 1
• Policy = Application Policy and Certificate Request Agent
• Reenrollment = Same criteria as for enrollment

Suspended Templates:

No settings = Default

Extensions:

•   Application Policy = Client Authentication, SmartCard Logonpolicies = Smart card Logon, Client Authentication

Extensions:

• Basic Constraints = Default settings

Extensions:

• Certificate Template Information = Default Setting

Extensions:

• Issuance Policies = Default setting (Certificate policies are also known as issuance policies)Setting

Extensions:

• Key Usage
• Digital Signature
• Critical extension

• usage: Digital signature – Critical extension

Security:

These settings determine the privileges for the Certificate for read, modify and enroll of certificate.

Only the DL_CA_ADM, the DL_LRA_ADM and the DL_CA_LRA _Operators groups should get this
certificate via auto EnrollmentEnroll.

• Authenticated Users = Read
• DL_CA_Admins = Read, Write, Enroll
• DL_CA_LRA_Admins = Read, Write,   Enroll
• DL_CA_LRA_Operators = Read, Enroll
• Domain Admins = Read, Write
• Enterprise Admins = Read, Write

Server:

Default settings