Certificate Template Versions

Applies To: Windows Server 2008

Microsoft certification authorities (CAs) support three types of certificate templates: version 1, version 2, and version 3.

CAs that are set up on servers running Windows Server 2003, Standard Edition, or Windows 2000 Server support only version 1 templates. CAs that are set up on servers running Windows Server 2003, Enterprise Edition, or Windows Server 2003, Datacenter Edition, support both version 1 and version 2 templates. CAs that are set up on servers running Windows Server® 2008 support all three versions. In addition, version 3 certificate templates can only be used by clients on computers running Windows Server 2008 or Windows Vista®.

Version 1 certificate templates

Version 1 templates are provided for backward compatibility and support many general needs for subject certification. They are created by default when a CA is installed and cannot be modified or removed. When you duplicate a version 1 template, the duplicate becomes a version 2 or version 3 template that can be modified.

Version 2 certificate templates

Version 2 certificate templates allow customization of most settings in the template. Several preconfigured version 2 templates are supplied in the default configuration, and more can be added as necessary. This allows complete configuration flexibility for administrators.

Version 3 certificate templates

Version 3 certificate templates allow administrators to add advanced Suite B cryptographic settings to their certificates. Suite B includes advanced options for encryption, digital signatures, key exchange, and hashing. Certificates based on version 3 certificate templates can only be issued from CAs installed on servers running Windows Server 2008 and used on clients running Windows Server 2008 or Windows Vista.

Duplicating certificate templates

New certificate templates are created by duplicating existing templates. Many settings are copied from the original template. You can also select whether to create the duplicate as a version 2 or version 3 certificate template.

To create a new certificate template, you should create the duplicate based on an existing template closest in function to the intended template.

If you create a new template by duplicating a template of a different type, the new template may include settings that you did not intend to use.

When duplicating a template, examine the subject type of the original template and ensure that you duplicate a template that has a similar function to that of the intended template.

Although most settings for certificate templates can be edited after the template is duplicated, the subject type cannot be changed.
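
One way to review the version and subject type of existing templates before choosing one to duplicate; this is an added example, not part of the original documentation. It assumes a domain-joined computer with read access to Active Directory, reads the msPKI-Template-Schema-Version and flags attributes of the template objects, and the function names and the User/Computer/CA labels are illustrative.

```powershell
# Added example: read-only inventory of certificate templates by version
# and subject type, queried from the forest's configuration partition.

# Bits of the template's "flags" attribute (values from the MS-CRTD specification).
$CT_FLAG_MACHINE_TYPE = 0x40   # subject is a computer
$CT_FLAG_IS_CA        = 0x80   # subject is a CA

function Get-SubjectType([int]$Flags) {
    if ($Flags -band $CT_FLAG_IS_CA)        { return 'CA' }
    if ($Flags -band $CT_FLAG_MACHINE_TYPE) { return 'Computer' }
    return 'User'
}

function Get-TemplateInventory {
    $configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext
    $base = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
    $searcher.Filter   = '(objectClass=pKICertificateTemplate)'
    $searcher.PageSize = 500
    foreach ($attr in 'cn', 'flags', 'mspki-template-schema-version') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }

    foreach ($result in $searcher.FindAll()) {
        $p = $result.Properties
        # Assumption: a template without the schema-version attribute is version 1.
        $version = 1
        if ($p['mspki-template-schema-version'].Count -gt 0) {
            $version = [int]$p['mspki-template-schema-version'][0]
        }
        $flags = 0
        if ($p['flags'].Count -gt 0) { $flags = [int]$p['flags'][0] }

        New-Object PSObject -Property @{
            Name        = [string]$p['cn'][0]
            Version     = $version
            SubjectType = (Get-SubjectType $flags)
            Editable    = ($version -ge 2)   # version 1 templates cannot be modified
        }
    }
}

Get-TemplateInventory | Sort-Object Version, SubjectType, Name |
    Format-Table Name, Version, SubjectType, Editable -AutoSize
```

Because the subject type cannot be changed after duplication, the SubjectType column is the one to match against the intended template first.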
