Checklist: Configuring certificate autoenrollment
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Checklist: Configuring certificate autoenrollment
| Step | Reference |
|---|---|
Install and configure an enterprise certification authority (CA) |
Install an enterprise root certification authority; Install an enterprise subordinate certification authority |
Create a new certificate template |
|
Configure the certificate template to provide the intended functionality for the certificate |
|
Configure the certificate template to allow autoenrollment |
|
Grant Enroll and Autoenroll permissions for the certificate template to intended users |
Allow subjects to request a certificate that is based on the template |
Configure the certification authority to issue certificates based on the template |
|
Configure Active Directory directory service users to request certificates with autoenrollment |
Certificate Services example implementation: Establishing autoenrollment for user certificates |
(Optional) Retrieve updated Group Policy information before scheduled replication occurs |
Notes
- Windows Server 2003, Enterprise Edition or Windows Server 2003, Datacenter Edition is required to configure version 2 certificate templates for autoenrollment requests. However, autoenrollment manages certificates or pending certificate requests that are based on any version of certificate template.