Recently I came across a strange limitation in Windows 2008 Server Standard Edition. We were busy building a new OCS (Office Communications Server) infrastructure and we found a running CA (Certificate Authority) which we wanted to use for the internal TLS certificates.
However, we didn’t succeed in using the required certificate templates for OCS.
After some investigation it seems that Windows 2008 Server Standard Edition supports only V1 Certificate Templates.
I grabbed my PKI book by Brian Komar (he is the best PKI resource I know); his book can be found here.
And my suspicion was confirmed:
“An enterprise CA running on Standard edition of Windows 2003 or Windows 2008 can issue certificates based only on version 1 cert templates. This is a common problem encountered by companies because they do not realize that the Standard editions cannot issue version 2 or 3 cert templates.
The only way to issue version 2 or version 3 cert templates is to perform an upgrade in place to the Enterprise edition of the operating system.”
Of course this is not the case with the Enterprise edition of Windows Server 2008.
So be aware: if you plan a PKI infrastructure, ask your customer to look ahead and justify the investment in one Enterprise Edition of Windows Server.
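
To spot this mismatch before a deployment depends on it, the following added example (not from Brian Komar's book or from the original post) lists every enterprise CA registered in Active Directory, the operating system it runs on, and the schema version of each template published at it. It assumes a domain-joined machine, read access to the Configuration partition, and WMI access to the CA hosts; the helper name `Find-PkiObject` is hypothetical.

```powershell
# Added example: read-only LDAP and WMI queries, nothing is modified.
$configNC = ([ADSI]"LDAP://RootDSE").configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# Hypothetical helper: search one container below "Public Key Services".
function Find-PkiObject($container, $filter, $props) {
    $s = New-Object System.DirectoryServices.DirectorySearcher
    $s.SearchRoot = [ADSI]"LDAP://$container,$pkiBase"
    $s.Filter     = $filter
    $s.PageSize   = 500
    $props | ForEach-Object { [void]$s.PropertiesToLoad.Add($_) }
    $s.FindAll()
}

# Map template name (cn) -> schema version; a missing attribute is treated as V1.
$version = @{}
Find-PkiObject "CN=Certificate Templates" "(objectClass=pKICertificateTemplate)" `
    @("cn", "mspki-template-schema-version") | ForEach-Object {
    $v = $_.Properties["mspki-template-schema-version"]
    $version[[string]$_.Properties["cn"][0]] = if ($v.Count) { [int]$v[0] } else { 1 }
}

# For each enterprise CA: host OS edition plus the templates it is set to issue.
Find-PkiObject "CN=Enrollment Services" "(objectClass=pKIEnrollmentService)" `
    @("cn", "dnshostname", "certificatetemplates") | ForEach-Object {
    $caName = [string]$_.Properties["cn"][0]
    $caHost = [string]$_.Properties["dnshostname"][0]
    $os = (Get-WmiObject Win32_OperatingSystem -ComputerName $caHost `
            -ErrorAction SilentlyContinue).Caption
    if (-not $os) { $os = "unknown (WMI query failed)" }
    foreach ($t in $_.Properties["certificatetemplates"]) {
        New-Object PSObject -Property @{
            CA            = $caName
            OS            = $os
            Template      = [string]$t
            SchemaVersion = $version[[string]$t]
        }
    }
} | Sort-Object CA, SchemaVersion |
    Format-Table CA, OS, Template, SchemaVersion -AutoSize
```

Any row that pairs a Standard edition OS with a SchemaVersion of 2 or 3 is a template that CA cannot issue, which is the situation described above.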
