Certificate template compatibility questions

Hobbit1082 41 Reputation points
2021-04-28T16:08:20.953+00:00

Good afternoon everyone,

I often works on PKI projects, I have two questions and I would like to hear your recommendations and point of view :

#1 - What are the best practices regarding certificates templates compatibility settings (Certification Authority & Certificate Recipient) ?
The concept is clear. However, as Vadims points out in his answer here (https://social.msdn.microsoft.com/Forums/en-US/970154fa-908f-4460-8df4-9b89aee6afc1/adcs-templates-compatibility-question?forum=winserversecurity), there may be some side effects with applications. This post is 5 years old, do you have any recommendations or updates ?

#2 - What would you recommend regarding the Cryptographic Service Providers ?
This post is really clear : https://www.pkisolutions.com/understanding-microsoft-crypto-providers/. I woud like to know if you have any recommendation, warning or complementary advice about using recent CSP.

As usual, thank you for your time !

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,307 questions
No comments
{count} votes

Accepted answer
  1. Vadims Podāns 8,081 Reputation points MVP
    2021-04-28T17:39:45.16+00:00

    .NET added very solid CNG support in last couple years, so developers easily can add CNG support in their applications. It is what was significantly changed since I wrote that post. World moves toward CNG (modern) crypto. However, the question is too broad and I would configure every template according to intended purpose and applications that will utilize certificates. If you would clarify your question to be more specific, then I maybe could add more specific recommendations.


1 additional answer

Sort by: Most helpful
  1. Hobbit1082 41 Reputation points
    2021-04-30T05:38:59.987+00:00

    Both questions were indeed broad, but writing this initial post made me realize several things, and your answer also helped me !

    Thank you for your answer ! If I have more specific questions, I will come back !.

    No comments