How do I configure AD CS to support Name Constraints (4.2.1.11 in RFC 2459)?

ssl-certificate certificate-authority smime ad-certificate-services smartcard

Solution 1:

Microsoft just posted this article on how to use Name Constraints with AD CS

To apply a name constraint to a pending policy run the following command

Certreq -policy originalrequest.req policy.inf modifiedrequest.req

originalrequest.req – the original request file provided by the subordinate to the parent CA

policy.inf - The policy file containing the settings you want to be applied to the request

modifiedrequest.inf - This is the output file that will contain the original request and has been modified by the policy. This file will be supplied to the parent CA instead of the originalrequest.req

Related

2k3 to 2k12 AD, DC and DNS Migration
Force DFS-R into a dirty state
Storing plaintext passwords for SVN
Different ACLs on two OU's with same "protect object from deletion" setting
Server 2012r2 RDS - Start Screen
Compression of Tomcat mod_jk results in Apache httpd
Apache: Force HTTP 1.1 or Persistent/KeepAlive connections for HTTP 1.0 requests
reusing existing RAIDs on preseeded installation
Method / Tools to analyze temporarily bandwith collapse
How to route some email accounts of a domain with transport_maps to another MX if user doesn't exist locally?
Trying to understand HTB subclasses rate
SSL verification error with git (on github) on Ubuntu 14.04