Patch for Windows, powered by Shavlik

Requirements and Exceptions

This section identifies the requirements you must meet if you choose to use your own CA to generate a new authority certificate.

You cannot use a server SSL certificate (such as a wild card certificate) as your sub-authority certificate.

Requirements of the New Sub-Authority Certificate

Must have a basic constraints extension

The extension indicates that the certificate is able to issue other certificates. You may choose to specify that the parameter length is 0 (meaning that certificate cannot be used to create an issuing certificate). For more information, see RFC 5280.

Must have KeyCertSign and CrlSign key usage extensions

Must have an associated private key on the Ivanti Patch for Windows console machine

Must be located in the computer account's Intermediate Certification Authorities certificate store on the console machine

Exceptions

When you configure your environment to work with a third-party CA, the console will no longer automatically update an expiring root certificate. Ivanti Patch for Windows will provide a warning when the certificate is nearing its expiration date, but it will be up to the local administrator to manually create the new certificate using their own CA.


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other