Friday, May 9, 2014

Configure Automatic Certificate Allocation from an Enterprise CA

Applies To: Windows Server 2008, Windows Server 2008 R2
To install computer certificates through auto-enrollment, configure Group Policy on the Active Directory domain for automatic allocation of computer certificates.

To configure automatic certificate allocation from an enterprise CA

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
  1. On the domain controller, open the Active Directory Users and Computers MMC snap-in.
  2. In the console tree, double-click Active Directory Users and Computers, right-click the domain name in which your CA is located, and then click Properties.
  3. On the Group Policy tab, click Default Domain Policy, and then click Edit.
  4. In the console tree, right-click Automatic Certificate Request Settings, point to New, and then click Automatic Certificate Request.

    Where?

    • Computer Configuration/Windows Settings/Security Settings/Public Key Policies/Automatic Certificate Request Settings
  5. When the Automatic Certificate Request wizard appears, click Next.
  6. In Certificate templates, click Computer, and then click Next.

    Your enterprise root CA appears on the list.
  7. Click the CA, click Next, and then click Finish.
  8. To create a computer certificate for the CA computer, type the following at the command prompt:

    gpupdate /target:Computer

No comments:

Post a Comment