During our project, we had several issues while setting up SSL with the certificates our client generated with their Microsoft Certificate Server.
As part of a support ticket, we identified that the issue was that the CA Directory user store was not supporting the certificate attributes generated by default by the Microsoft Certificate Server. We had to make the following modifications:
- X509 Key Usage: added “Key Agreement”
- X509v3 Extended Key Usage: removed “TLS Web Server Authentication”
Our ask: update CA Directory to allow these attributes, and properly document which certificate attributes should or should not be present, with supported or required parameters.
CA Directory version: 12.0.10205 (coming with IDM 12.6sp7)