Computer and User Certificate Auto Enrollment over SSL VPN connection

ssaini 1 Reputation point
2021-06-18T10:18:39.45+00:00

We are using Microsoft PKI to issue user and computer certificates via autoenrollment to Windows 10 machines. Certificates are issued perfectly for machines connected to the corporate LAN over wired and wireless connectivity, but certificates are not being issued to Windows 10 endpoints connected over SSL VPN (working from home). The autoenrollment GPO is linked to the endpoints and is applied successfully over the VPN connection, and the endpoints have Autoenroll rights on the template.

The VPN gateway is set up in a way that we need to reconnect the VPN once we sign out and sign back in to the computer.

No event is seen in Event Viewer for updating the local certificate store with any newly issued certificate, and the MMC Personal store is blank. Please suggest how to autoenroll certificates for Windows 10 machines connected over an SSL VPN connection.

Windows 10 Security

3 answers

  1. Vicky Wang 2,736 Reputation points
    2021-06-21T09:53:22.713+00:00

    Step 1 - Create a security group
    To create a security group in Active Directory:

    1. On DC1, click Start > Administrative Tools, and then click Server Manager.
    2. In the navigation pane, expand Roles, expand Active Directory Domain Services, expand Active Directory Users and Computers, expand contoso.com, right-click Users, click New, and then click Group.
    3. In the New Object - Group dialog box, in the Group name text box, type a name for the group. Example: AutoEnrollGroup.
    4. Click OK. Leave Server Manager running with the Computers container shown in the results pane.

    Step 2 - Create a certificate template to enroll
    To create a certificate template:

    1. Open the Certificate Templates Console.
    2. From the Start menu, click Run.
    3. Type certtmpl.msc in the text box and click OK. The Certificate Templates Console window appears.
    4. Under the General tab:
       - Type a Template display name. For example, User Auto Enroll.
       - (Optional) Modify the default Validity Period and Renewal Period as per your requirements.
       - Select the Publish certificate in Active Directory check box.

    Reference: https://docs.druva.com/Knowledge_Base/inSync/How_To/How_to_set_up_automatic_certificate_enrollment_in_Active_Directory

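An added troubleshooting script for the scenario in the question and the template setup in the answer above; it is not part of the original post or of Microsoft's documentation. The practical point it exercises: user autoenrollment is triggered at logon and machine autoenrollment at boot (both also repeat on a schedule, roughly every eight hours), so with a VPN that only comes up after the user has signed in, those triggers fire while no domain controller or CA is reachable, and nothing is logged on the client because the autoenrollment task simply finds no policy to act on. The script re-runs the triggers once the tunnel is up, checks the ports enrollment actually needs through the tunnel (LDAP and Kerberos to a DC, RPC endpoint mapper plus a dynamic high port to the CA), then reads the autoenrollment client's events and looks for a certificate from the template in both Personal stores. The template display name 'User Auto Enroll' is taken from the answer above; the CA hostname ca01.contoso.com is a placeholder. Run it from an elevated PowerShell after the VPN is connected.

```powershell
# Added example (not from the original post). Assumes the VPN is already connected,
# the enrolling account/computer is a member of the group granted Read/Enroll/Autoenroll
# on the template, and that you run elevated (certutil -pulse for the machine context needs it).
$TemplateName = 'User Auto Enroll'     # template display name from the answer above
$CaHost       = 'ca01.contoso.com'     # hypothetical CA hostname; replace with your issuing CA

# --- 1. Reachability through the tunnel -------------------------------------------------
# Autoenrollment reads policy from AD over LDAP (389) with Kerberos (88) and submits the
# request to the CA over DCOM/RPC (TCP 135 endpoint mapper, then a dynamic high port).
# A split-tunnel VPN that forwards only "web" ports breaks enrollment silently.
$dc = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().FindDomainController().Name
foreach ($t in @(@{Host=$dc; Port=389}, @{Host=$dc; Port=88}, @{Host=$CaHost; Port=135})) {
    $r = Test-NetConnection -ComputerName $t.Host -Port $t.Port -WarningAction SilentlyContinue
    '{0}:{1} reachable={2}' -f $t.Host, $t.Port, $r.TcpTestSucceeded
}

# --- 2. Re-run the triggers that normally fire at logon/boot -----------------------------
# Both fired before the tunnel existed; refresh policy and pulse autoenrollment now.
$since = Get-Date
gpupdate /target:computer /force | Out-Null
gpupdate /target:user /force     | Out-Null
certutil -pulse | Out-Null          # machine context (requires elevation)
certutil -user -pulse | Out-Null    # user context
Start-Sleep -Seconds 20             # give the autoenrollment task time to talk to the CA

# --- 3. What did the autoenrollment client log since the pulse? --------------------------
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment'
    StartTime    = $since
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List

# --- 4. Did a certificate issued from the template land in the Personal store? -----------
# Matches the formatted "Certificate Template Name" (v1) or "Certificate Template
# Information" (v2) extension; pass the display name or, more reliably, the template OID
# shown by `certutil -template`, since the formatted text may only carry the OID.
function Get-TemplateCert {
    param([string]$StorePath, [string]$Template)
    Get-ChildItem $StorePath | Where-Object {
        $_.Extensions | Where-Object {
            $_.Oid.FriendlyName -like 'Certificate Template*' -and
            $_.Format($false) -match [regex]::Escape($Template)
        }
    }
}
'User certs:'
Get-TemplateCert 'Cert:\CurrentUser\My'  $TemplateName | Format-Table Subject, NotAfter, Thumbprint
'Machine certs:'
Get-TemplateCert 'Cert:\LocalMachine\My' $TemplateName | Format-Table Subject, NotAfter, Thumbprint
```

If step 1 shows the CA port unreachable, the fix is on the VPN gateway's access policy (allow TCP 135 and the RPC dynamic range to the CA), not in the GPO. If the ports are open and step 3 logs an enrollment failure, the event text names the template and the CA error code. If the pulse succeeds but you want it to happen without manual intervention, schedule `certutil -pulse` and `certutil -user -pulse` on a task triggered by the VPN adapter connecting, or move to a VPN that establishes a machine tunnel before logon.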

  2. Vicky Wang 2,736 Reputation points
    2021-06-24T07:37:13.863+00:00

    Hi,

    You are welcome to share your current situation if there are any updates.

    Please feel free to let us know if you need further assistance.

    Best Regards,
    Vicky


  3. Vicky Wang 2,736 Reputation points
    2021-06-29T09:40:50.47+00:00

    Hi,

    You are welcome to share your current situation if there are any updates.

    Please feel free to let us know if you need further assistance.

    Best Regards,
    Vicky
