This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 23%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hello.
We have internal CA server and AD based distibution of certificates to computers by group policy.
I'ts all good and fine, but now we had to edit computer certificate template
for certificate based autentication to network with radius. (yes we use computer certificates not user sertificates)
This works also fine when i manually update computer certificate from client side by certificates mmc.
But how can I command all computers to update their sertificates mid term
so all of them get new sertificates with modified field?
(change of SUBJECT fied from empty to DNS name)
Matti T
Do you use certificate autoenrollment?
Yes.
Active directory based group policy autorolled.
If you use certificate autoenrollment, then go to affected certificate template (in certtmpl.msc), right-click on it, Reenroll all certificate holders menu item. When autoenrollment triggers next time (within 1 day), it will detect that existing certificate must be renewed out of standard AE renewal schedule and will reenroll the certificate from updated template.
This is perfect solution and solved our problem.
Yesterday I did this operation and updated certificates are now distributed to almoust all computers.
Thank you very much.