Manage Certificate Templates

Certificate templates are the certificates that you want to use with your applications. AD CS offers a number of certificate templates, which are configurable and can be personalized. To use templates, you need to be connected to a DC so that the templates can be published to AD DS. If you are not connected to a DC, connect to one through Server Manager before you continue configuring templates.

To configure certificate templates, you need to:
  1. Click Start->Settings->Control Panel->Administrative Tools->Server Manager->Roles->Active Directory Certificate Services->Certificate Templates, <server name>, as shown in Figure 7-7. A list of templates appears in the details pane.
    Figure 7-7
  2. Right-click the template that you want to use and select Duplicate Template from the menu that appears, as shown in Figure 7-8:
    Figure 7-8

    The Duplicate Template window appears, as shown in Figure 7-9.

  3. Select the version of Windows Server to support. Select Windows Server 2008 unless you are working in a mixed PKI hierarchy, and then click OK.
    Figure 7-9

    The Properties of New Template window appears, as shown in Figure 7-10. The General tab displays a default name for the duplicate template.

  4. Give the template a meaningful name in the Template display name field.
    Figure 7-10
  5. Click the Request Handling tab and select the Include symmetric algorithms allowed by the subject, Archive subject’s encryption private key, and Use advanced Symmetric algorithm to send the key to the CA options, as shown in Figure 7-11:
    Figure 7-11

    You can configure the other tabs as per your requirements.

  6. Click OK.

    Configuring a template often requires other activities, or other templates to be configured as well. For example, if you are configuring the Basic EFS template, then you should also configure the EFS Recovery Agent template. For complete help on the template that you want to configure, view the online help for AD CS.

    Once your template is ready, you must issue the template so that the CA can issue certificates based on it.

  7. Go to Server Manager->Roles->Active Directory Certificate Services->
    ->Certificate Templates
  8. Right-click Certificate Templates and then select New->Certificate Template to Issue. The Enable Certificate Templates dialog box appears.
  9. Select the templates that you want to issue by using CTRL+Click and then click OK.
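
The settings chosen in steps 3, 5 and 9 are stored as attributes on the template and CA objects in AD DS, so they can be checked after the fact. The following PowerShell (3.0 or later) is an added example, not part of the original procedure: it decodes those attributes for one template and reports whether key archival is on and whether the template is issued. The function name `Test-TemplateConfig`, the template name `ContosoEFSArchival` and the sample attribute values are constructed for illustration.

```powershell
# Added example. Flag values are the documented certificate template
# attribute bits (MS-CRTD); the sample data below is constructed.
$CT_FLAG_REQUIRE_PRIVATE_KEY_ARCHIVAL = 0x1   # bit in msPKI-Private-Key-Flag
$CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS = 0x1   # bit in msPKI-Enrollment-Flag

function Test-TemplateConfig {
    param(
        [Parameter(Mandatory = $true)] $Template,  # object carrying the template's AD attributes
        [string[]] $PublishedOnCA = @()            # certificateTemplates values of the CA object
    )
    $keyFlags    = [int]$Template.'msPKI-Private-Key-Flag'
    $enrollFlags = [int]$Template.'msPKI-Enrollment-Flag'
    [pscustomobject]@{
        Name                = $Template.cn
        # Step 3: a "Windows Server 2008" template is schema version 3
        SchemaVersion       = [int]$Template.'msPKI-Template-Schema-Version'
        # Step 5: "Archive subject's encryption private key"
        KeyArchival         = [bool]($keyFlags -band $CT_FLAG_REQUIRE_PRIVATE_KEY_ARCHIVAL)
        # Step 5: "Include symmetric algorithms allowed by the subject"
        IncludeSymmetricAlg = [bool]($enrollFlags -band $CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS)
        # Steps 7-9: the CA lists issued templates by cn, not by display name
        IssuedByCA          = $PublishedOnCA -contains $Template.cn
    }
}

# Constructed sample: a duplicated template with key archival enabled.
$sampleTemplate = [pscustomobject]@{
    cn                              = 'ContosoEFSArchival'   # hypothetical name
    'msPKI-Template-Schema-Version' = 3
    'msPKI-Private-Key-Flag'        = 0x11   # archival (0x1) + exportable key (0x10)
    'msPKI-Enrollment-Flag'         = 0x29   # symmetric algs + publish to DS + autoenrollment
}
$samplePublished = @('User', 'EFS', 'ContosoEFSArchival')    # constructed CA list

Test-TemplateConfig -Template $sampleTemplate -PublishedOnCA $samplePublished

# On a domain-joined host with the ActiveDirectory module, real input comes from:
#   $cfg = (Get-ADRootDSE).configurationNamingContext
#   Get-ADObject -SearchBase "CN=Certificate Templates,CN=Public Key Services,CN=Services,$cfg" `
#       -Filter "cn -eq 'ContosoEFSArchival'" -Properties *
#   Get-ADObject -SearchBase "CN=Enrollment Services,CN=Public Key Services,CN=Services,$cfg" `
#       -Filter * -Properties certificateTemplates
```

A template that reports `KeyArchival` as true but `IssuedByCA` as false has been duplicated and configured but not yet issued in steps 7 to 9.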