Compartir a través de


Prepare the CAPolicy.inf File

 

Applies To: Windows Server 2012

On CA1, you must prepare the CAPolicy.inf file before installing Active Directory Certificate Services.

To perform this procedure, you must be a member of the Administrators group.

To prepare the CAPolicy.inf file

  1. Open Windows PowerShell, type notepad c:\Windows\CAPolicy.inf and press ENTER.

  2. When prompted to create a new file, click Yes.

  3. Enter the following as the contents of the file:

    [Version]
    Signature="$Windows NT$"
    [PolicyStatementExtension]
    Policies=InternalPolicy
    [InternalPolicy]
    OID=1.2.3.4.1455.67.89.5
    Notice="Legal Policy Statement"
    URL=https://pki.corp.contoso.com/pki/cps.txt
    [Certsrv_Server]
    RenewalKeyLength=2048
    RenewalValidityPeriod=Years
    RenewalValidityPeriodUnits=5
    CRLPeriod=weeks
    CRLPeriodUnits=1
    LoadDefaultTemplates=0
    AlternateSignatureAlgorithm=1
    [CRLDistributionPoint]
    [AuthorityInformationAccess]
    
  4. Click File, and then click Save As. Ensure the following:

    • File name is set to CAPolicy.inf

    • Save as type is set to All Files

    • Encoding is ANSI

  5. When you are prompted to overwrite the file, click Yes.

    Ensure CAPolicy.inf file has appropriate settings

    Warning

    Be sure to save the CAPolicy.inf with the inf extension. If you do not specifically type .inf at the end of the file name and select the options as described, the file will be saved as a text file and will not be used during CA installation.

  6. Close Notepad.

Important

In the CAPolicy.inf, you can see there is a line specifying the URL https://pki.corp.contoso.com/pki/cps.txt. The Internal Policy section of the CAPolicy.inf is just shown as an example of how you would specify the location of a certificate practice statement (CPS). In this guide, you are not instructed to create the certificate practice statement (CPS). To learn more about policy statements including CPS, see Additional Resources1.