Partilhar via


Default Certificate Templates

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Default certificate templates

Windows Server 2003 family certification authorities come with a number of preconfigured certificate templates that are designed to meet the needs of most organizations. These templates are:

Name Description Key Usage Subject Type Published to Active Directory? Template Version

Administrator

Allows trust list signing and user authentication

Signature and encryption

User

Yes

1

Authenticated Session

Allows subject to authenticate to a Web server

Signature

User

No

1

Basic EFS

Used by Encrypting File System (EFS) to encrypt data

Encryption

User

Yes

1

CA Exchange

Used to store keys that are configured for private key archival

Encryption

Computer

No

2

CEP Encryption

Allows the holder to act as a registration authority (RA) for simple certificate enrollment protocol (SCEP) requests

Encryption

Computer

No

1

Code Signing

Used to digitally sign software

Signature

User

No

1

Computer

Allows a computer to authenticate itself on the network

Signature and encryption

Computer

No

1

Cross-Certification Authority

Used for cross-certification and qualified subordination. For more information, see Qualified subordination overview.

Signature

CrossCA

Yes

2

Directory E-mail Replication

Used to replicate e-mail within Active Directory

Signature and encryption

DirEmailRep

Yes

2

Domain Controller

All-purpose certificates used by domain controllers

Signature and encryption

DirEmailRep

Yes

1

Domain Controller Authentication

Used to authenticate Active Directory computers and users

Signature and encryption

Computer

No

2

EFS Recovery Agent

Allows the subject to decrypt files previously encrypted with EFS

Encryption

User

No

1

Enrollment Agent

Used to request certificates on behalf of another subject

Signature

User

No

1

Enrollment Agent (Computer)

Used to request certificates on behalf of another computer subject

Signature

Computer

No

1

Exchange Enrollment Agent (Offline request)

Used to request certificates on behalf of another subject and supply the subject name in the request

Signature

User

No

1

Exchange Signature Only

Used by Microsoft Exchange Key Management Service to issue certificates to Exchange users for digitally signing e-mail

Signature

User

No

1

Exchange User

Used by Microsoft Exchange Key Management Service to issue certificates to Exchange users for encrypting email

Encryption

User

Yes

1

IPSEC

Used by IP Security (IPSec) to digitally sign, encrypt, and decrypt network communication

Signature and encryption

Computer

No

1

IPSEC (Offline request)

Used by IP Security (IPSec) to digitally sign, encrypt and decrypt network communication when the subject name is supplied in the request

Signature and encryption

Computer

No

1

Key Recovery Agent

Recovers private keys that are archived on the certification authority. For more information, see Key archival and recovery.

Encryption

KRA

No

2

RAS and IAS Server

Enables RAS and IAS servers to authenticate their identity to other computers

Signature and Encryption

Computer

No

2

Root Certification Authority

Used to prove the identity of the root certification authority

Signature

CA

No

1

Router (Offline request)

Used by a router when requested through Simple Certificate Enrollment Protocol (SCEP) from a certification authority that holds a CEP Encryption certificate

Signature and encryption

Computer

No

1

Smartcard Logon

Allows the holder to authenticate using a smart card

Signature and encryption

User

No

1

Smartcard User

Allows the holder to authenticate and protect e-mail using a smart card

Signature and encryption

User

Yes

1

Subordinate Certification Authority

Used to prove the identity of the root certification authority. It is issued by the parent or root certification authority

Signature

CA

No

1

Trust List Signing

Allows the holder to digitally sign a trust list

Signature

User

No

1

User

Used by users for e-mail, EFS and client authentication

Signature and encryption

User

Yes

1

User Signature Only

Allows users to digitally sign data

Signature

User

No

1

Web Server

Proves the identity of a Web server

Signature and encryption

Computer

No

1

Workstation Authentication

Enables client computers to authenticate their identity to servers

Signature and encryption

Computer

No

2

For more information on certificate templates, see Certificate Templates. For more information on key usage, see Key usage. For more information on template versions and publishing to Active Directory, see Using Certificate Templates.