| [Version] | |
| Signature="$Windows NT$ | |
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
| ; 2.5.29.19 == Basic Constraints for CA | |
| [Strings] | |
| szOID_BASIC_CONSTRAINTS2 = "2.5.29.19" | |
| [EnhancedKeyUsageExtension] | |
| OID = 1.3.6.1.4.1.311.76.9.21.1 | |
| [NewRequest] | |
| Subject = "CN=TestEKUParsingIssuingCA" | |
| Exportable = true | |
| KeyLength = 256 | |
| HashAlgorithm = sha256 | |
| KeyUsage = "CERT_KEY_CERT_SIGN_KEY_USAGE" | |
| KeyUsageProperty = "NCRYPT_ALLOW_SIGNING_FLAG" | |
| MachineKeySet = True | |
| RequestType = cert | |
| ValidityPeriodUnits = 20 | |
| ValidityPeriod = Years | |
| ProviderName = "Microsoft Software Key Storage Provider" | |
| KeyAlgorithm = "ECDSA_P256" | |
| [Extensions] | |
| %szOID_BASIC_CONSTRAINTS2% = "{text}" | |
| _continue_ = "ca=True" | |
| Critical=%szOID_BASIC_CONSTRAINTS2% | |
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
| ; This extension is so the this CA is only allowed to | |
| ; issue end-entity certs. | |
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
| [BasicConstraintsExtension] | |
| PathLength=0 | |
| ; | |
| ; Surface Firmware Signing EKU | |
| ; | |
| [Extensions] | |
| 2.5.29.37 = "{text}" | |
| _continue_ = "1.3.6.1.4.1.311.76.9.21.1" | |