Hi
I'm attempting to make an SSL server certificate to be installed on IIS. The CSR needs to be generated programatically, hence I'm using the certreq utility with Request.INF provided.
I've a few questions regarding the parameters in Request.INF file.
1. For Windows’s TLS support, the provider must be set Microsoft RSA SChannel Cryptographic Provider. Is this correct?
2. Should the AlternateSignatureAlgorithm be set to false?
3. Should the KeyUsage be set to 0xa0?
4. Should the 'KeyUsageProperty' be set to NCRYPT_ALLOW_ALL_USAGES ?
5. Should the Enhanced Key Usage Extension OID to be set to 1.3.6.1.5.5.7.3.1?
6. For an IIS SSL server certificate, does it make sense to mention a securityDescriptor ? If yes, what should this be set to ideally?
Please help.
Thanks in advance!
Akshata