In this segment I will be covering setting up certificate templates on the newly created CA hierarchy. Enterprise Certification Authorities (CAs), as well as clients, utilize what are called certificate templates. Certificate templates contain properties that would be common to all certificates issued by the CA based on that template. Windows includes several predefined templates, but administrators also have the ability to create their own templates specific to their enterprise. When requesting a certificate, a client can just specify the template name in the request and the CA will build the certificate based upon the requestor's information in Active Directory and the properties defined in the template.

Certificate templates are also used to define the enrollment policy on the CA. First, an Enterprise CA can only issue certificates based upon the templates it is configured to use. For example, if the CorpUserEmail template is not available on the CA then the CA cannot issue certificates based on that template. Second, permissions set on the certificate template's Active Directory object determine whether or not a user or computer is permitted to request a certificate based on that template. If a user does not have Enroll permissions on a particular template, the CA will deny any request submitted by the user for a certificate based on that template.

As the Windows Server operating system has evolved over the last ten years, so has the concept of the certificate template.
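The two enrollment-policy checks described above can be audited straight from Active Directory. The script below is an added example, not part of the original post: it lists, for every Enterprise CA, the templates that CA is configured to issue and the principals whose ACEs on each template object carry the Enroll right. It assumes the RSAT ActiveDirectory module and read access to the Configuration partition.

```powershell
# Added example (not from the original post). Assumes the RSAT ActiveDirectory
# module and read access to the forest's Configuration partition.
Import-Module ActiveDirectory

# Well-known GUID of the Certificate-Enrollment ("Enroll") extended right.
$EnrollRight = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
$AllRights   = [guid]::Empty   # an ACE with no ObjectType covers every extended right
$AdRights    = [System.DirectoryServices.ActiveDirectoryRights]

$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# Check 1: the templates each Enterprise CA is configured to issue are listed
# in the certificateTemplates attribute of its pKIEnrollmentService object.
$cas = Get-ADObject -SearchBase "CN=Enrollment Services,$pkiBase" `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties certificateTemplates

foreach ($ca in $cas) {
    foreach ($name in $ca.certificateTemplates) {
        $tpl = Get-ADObject -SearchBase "CN=Certificate Templates,$pkiBase" `
            -LDAPFilter "(&(objectClass=pKICertificateTemplate)(cn=$name))" `
            -Properties nTSecurityDescriptor
        if (-not $tpl) {
            Write-Warning "$($ca.Name) lists '$name' but no template object was found"
            continue
        }
        # Check 2: ACEs on the template's AD object that grant or deny Enroll.
        foreach ($ace in $tpl.nTSecurityDescriptor.Access) {
            $rights   = $ace.ActiveDirectoryRights
            $isEnroll = $rights.HasFlag($AdRights::ExtendedRight) -and
                        ($ace.ObjectType -eq $EnrollRight -or $ace.ObjectType -eq $AllRights)
            $isFull   = $rights.HasFlag($AdRights::GenericAll)   # Full Control implies Enroll
            if ($isEnroll -or $isFull) {
                [pscustomobject]@{
                    CA        = $ca.Name
                    Template  = $name
                    Principal = $ace.IdentityReference
                    Type      = $ace.AccessControlType   # Allow or Deny
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}
```

A template that exists in Active Directory but appears under no CA in this output fails the first check, and a requester with no matching Allow entry (or with a matching Deny entry) fails the second.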