Certificate template compatibility questions

Hobbit1082 41 Reputation points

Good afternoon everyone,

I often works on PKI projects, I have two questions and I would like to hear your recommendations and point of view :

#1 - What are the best practices regarding certificates templates compatibility settings (Certification Authority & Certificate Recipient) ?
The concept is clear. However, as Vadims points out in his answer here (https://social.msdn.microsoft.com/Forums/en-US/970154fa-908f-4460-8df4-9b89aee6afc1/adcs-templates-compatibility-question?forum=winserversecurity), there may be some side effects with applications. This post is 5 years old, do you have any recommendations or updates ?

#2 - What would you recommend regarding the Cryptographic Service Providers ?
This post is really clear : https://www.pkisolutions.com/understanding-microsoft-crypto-providers/. I woud like to know if you have any recommendation, warning or complementary advice about using recent CSP.

As usual, thank you for your time !

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,778 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vadims Podāns 9,116 Reputation points MVP

    .NET added very solid CNG support in last couple years, so developers easily can add CNG support in their applications. It is what was significantly changed since I wrote that post. World moves toward CNG (modern) crypto. However, the question is too broad and I would configure every template according to intended purpose and applications that will utilize certificates. If you would clarify your question to be more specific, then I maybe could add more specific recommendations.

1 additional answer

Sort by: Most helpful
  1. Hobbit1082 41 Reputation points

    Both questions were indeed broad, but writing this initial post made me realize several things, and your answer also helped me !

    Thank you for your answer ! If I have more specific questions, I will come back !.

    0 comments No comments