This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
According to the article here, it is required to have the certificate template setting “Supply in the request and Use subject information from existing certificates for autoenrollment renewal requests” in order to configure certificate key-based renewal via CEP and CES.
Is it possible to issue the initial certificate by having Subject name via “Build from this Active Directory information” setting and for renewals use the key based authentication?
The background to this question is, I have some technical user accounts (with Active Directory) where the initial certificate needs to be issued using AD information (Subject Name - Supply in the request is not an option here). Then these certificates will be exported out to some other non-domain joined machines where they will be used in some applications. So, the renewals need to happen in these non-domain joined machines.
Thanks
Hello @haroldpeters ,
Configure the template for key-based renewal.
As a prerequisite, configure a CEP and CES server for username and password authentication. In this environment, we refer to the instance as "CEPCES01".
Configure another CEP and CES instance by using PowerShell for certificate-based authentication on the same server. The CES instance will use a service account.
In this environment, we refer to the instance as “CEPCES02”. The service account that’s used is ”cepcessvc”.
Configure client-side settings.
in order to execute the renewals within these non-domain joined machines. do follow the below link
Hope this answers all your queries, if not please do repost back.
If an Answer is helpful, please click "Accept Answer" and upvote it : )