
If you were using User certificates the you would copy the User template. Locate and make a copy of the Workstation Authentication template. Start > Administrative Tools > Certification Authority > Certificate Templates > Manage.Ĥ. The only thing I’m going to change is the lifetime, I usually change that from 5 to 10 years (force of habit, after 5 years it will probably still be my problem, in 10 years it will be replaced, or in a skip!)Ĭreate a Computer Certificate Template and Issue it.ģ. Launch Server Manager (Servermanager.msc) Roles > Add Roles > Active Directory Certificate Services > Next > I’m going to accept all the defaults.Ģ. Prerequisites: A Windows domain environment, with working DNS. As stated I’m deploying Computer certificates but the process is practically the same for issuing User certificates (I’ll point out the differences where applicable). So task one was getting my head round ‘auto enrollment’. I’ll be working with Server 2008 R2 and Windows 7 clients. I need to setup wireless authentication based on computer certificates, I’ve done similar jobs before by manually issuing certificates for Cisco An圜onnect, but this will be for NAP/ RADIUS authentication to MSM. Upgrade Your Microsoft PKI Environment to SHA2 (SHA256) SHA CERTIFICATE WARNING: Note This article was written some time ago, ensure your CA environment does NOT use SHA1 for your certificates, if it does, Please visit the following link for migration instructions
