Entrust PKI as a Service provides the following certificate profiles for WSTEP enrollment with Certificate Enrollment Gateway.
Profile | Usages |
|---|---|
wstep-digital-signature-key-encipherment | Digital signature and key encipherment |
wstep-digital-signature | Digital signature |
wstep-key-encipherment | Key encipherment |
wstep-non-repudiation | Digital signature and non repudiation |
The validity period for these WSTEP certificate profiles will match what is defined in the Windows Certificate Template, with a maximum validity period of 3 years. These WSTEP certificate profiles support the following extensions in the certificate requests.
Certificate request extension | OID |
|---|---|
CertificatePolicies | 2.5.29.32 |
ExtendedKeyUsage | 2.5.29.37 |
ApplicationPolicies | 1.3.6.1.4.1.311.21.10 |
SmimeCapabilities | 1.2.840.113549.1.9.15 |
MSTemplateOID | 1.3.6.1.4.1.311.21.7 |
MSTemplateName | 1.3.6.1.4.1.311.20.2 |